
Authentication Bypass and Directory Traversal vulnerabilities for Zimbra email platform (CVE-2022-27925, CVE-2022-37042)

Advisory No: TZCERT/SA/2022/08/17

Date of First Release: 17th August 2022

Source: Zimbra

Software Affected: Zimbra 8.8.15 and 9.0

Overview:

Zimbra is affected by two high severity vulnerabilities (CVSS score 7.2) caused by weaknesses in Zimbra Collaboration. The two can be chained to allow unauthenticated remote code execution on the affected email servers.

Description:

CVE-2022-27925 is a high severity vulnerability in the mboximport functionality of Zimbra Collaboration Suite (ZCS), which receives a ZIP archive and extracts files from it. An authenticated user can upload arbitrary files to the system, resulting in directory traversal.

CVE-2022-37042 is an authentication bypass flaw that affects ZCS releases 8.8.15 and 9.0. The vulnerability could allow an unauthenticated malicious actor to access a vulnerable ZCS instance. This vulnerability was discovered in the MailboxImportServlet function.
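
The directory traversal described for CVE-2022-27925 comes from trusting the entry names inside an uploaded ZIP archive. The Python check below is an added example, not Zimbra's code and not part of the original advisory. It lists archive entries that would be written outside an extraction directory; the directory `/srv/import`, the function names and the sample archive are constructed for illustration.

```python
import io
import posixpath
import stat
import zipfile

DEST = "/srv/import"  # hypothetical extraction directory (assumption)


def unsafe_entries(zip_bytes, dest=DEST):
    """Return (entry name, reason) for each entry that must not be extracted."""
    dest = posixpath.normpath(dest)
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Some extractors treat backslashes as separators, so we do too.
            name = info.filename.replace("\\", "/")
            unix_mode = info.external_attr >> 16
            if stat.S_ISLNK(unix_mode):
                findings.append((info.filename, "symlink"))
            elif name.startswith("/") or name[1:2] == ":":
                findings.append((info.filename, "absolute path"))
            else:
                target = posixpath.normpath(posixpath.join(dest, name))
                if target != dest and not target.startswith(dest + "/"):
                    findings.append((info.filename, "escapes destination"))
    return findings


def build_sample():
    """Constructed test archive: two benign entries and four unsafe ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mail/inbox.eml", "benign")
        zf.writestr("mail/../notes.txt", "stays inside after normalisation")
        zf.writestr("../../outside.txt", "dot-dot traversal")
        zf.writestr("..\\..\\outside.txt", "backslash traversal")
        zf.writestr("/srv/other/abs.txt", "absolute path")
        link = zipfile.ZipInfo("shortcut")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16  # symlink entry
        zf.writestr(link, "/etc/hostname")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in unsafe_entries(build_sample()):
        print(f"REJECT {name!r}: {reason}")
```

An import handler that runs this kind of check should reject the whole archive when any finding is returned, rather than skipping individual entries.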

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Solution:

Zimbra has released a patch to remediate the vulnerabilities. Users and administrators are encouraged to apply the necessary updates.

References:

  1. https://www.cisa.gov/uscert/ncas/alerts/aa22-228a
  2. https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/
  3. https://www.volexity.com/blog/2022/08/10/mass-exploitation-of-unauthenticated-zimbra-rce-cve-2022-27925/
