exploitDog

CVE-2022-45912

Опубликовано: 05 дек. 2022

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution.

Ссылки

https://gist.github.com/Threonic/e90c85e11e1ac925ff57783988779e76
Third Party Advisory
https://gist.github.com/Threonic/e90c85e11e1ac925ff57783988779e76
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zimbra:collaboration:8.8.15:*:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02388

Низкий

7.2 High

CVSS3

Дефекты

CWE-434

CWE-434

Связанные уязвимости

GHSA-fh6w-cgmm-fxrj

CVSS3: 7.2

github

около 3 лет назад

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution.

EPSS

Процентиль: 85%

0.02388

Низкий

7.2 High

CVSS3

Дефекты

CWE-434

CWE-434