CVE-2022-45912

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-45912
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45912.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-45912
Published
2022-12-05T22:15:11.227Z
Modified
2026-04-10T04:52:32.972614Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution.

References

Affected packages

Git / github.com/zimbra/zm-build

Affected ranges

Type
GIT
Repo
https://github.com/zimbra/zm-build
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ac6081fa002b1511e926aba37740d2b6c20f3f43
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b6cd8f69d2761c014d4a3807f0bdee0011386444
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.8.15"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0"
        }
    ]
}

Affected versions

8.*
8.7.10
8.7.11
8.7.6
8.7.7
8.7.9
8.8.0.beta1
8.8.10
8.8.12
8.8.15
8.8.2
8.8.3
8.8.4
8.8.6
8.8.7
8.8.8
8.8.9
8.8.9.p1
8.8.9.p3
9.*
9.0.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45912.json"