CVE-2022-45912

Source
https://cve.org/CVERecord?id=CVE-2022-45912
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45912.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-45912
Published
2022-12-05T00:00:00Z
Modified
2026-07-15T01:48:52.884864951Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/45xxx/CVE-2022-45912.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/zimbra/zm-build

Affected ranges

Type
GIT
Repo
https://github.com/zimbra/zm-build
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:zimbra:collaboration:8.8.15:*:*:*:*:*:*:*",
        "cpe:2.3:a:zimbra:collaboration:9.0.0:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "8.8.15"
        },
        {
            "last_affected": "8.8.15"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "last_affected": "9.0.0"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

8.*
8.8.15
9.*
9.0.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45912.json"