CVE-2022-41352

🗓️ 26 Sep 2022 00:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 12 Media mentions👁 934 Views🌐 WEB

Zimbra Collaboration (ZCS) 8.8.15 and 9.0 allows arbitrary file upload via amavis, leading to incorrect access to user accounts

Reporter	Title	Published	Views	Family All 40
0day.today	Zimbra Collaboration Suite TAR Path Traversal Exploit	21 Oct 202200:00	–	zdt
GithubExploit	Exploit for Path Traversal in Zimbra Collaboration	17 Mar 202419:59	–	githubexploit
GithubExploit	Exploit for Path Traversal in Zimbra Collaboration	11 Nov 202220:58	–	githubexploit
GithubExploit	Exploit for Path Traversal in Zimbra Collaboration	10 Oct 202213:04	–	githubexploit
ICS	North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs	25 Jul 202412:00	–	ics
ATTACKERKB	CVE-2022-40684	18 Oct 202200:00	–	attackerkb
ATTACKERKB	CVE-2023-2868	24 May 202319:15	–	attackerkb
ATTACKERKB	CVE-2022-41352	26 Sep 202200:00	–	attackerkb
ATTACKERKB	CVE-2024-45519	2 Oct 202400:00	–	attackerkb
Circl	CVE-2022-41352	26 Sep 202207:22	–	circl

NVD

Node

synacor zimbra_collaboration_suiteMatch9.0.0-

synacor zimbra_collaboration_suiteMatch9.0.0p1

synacor zimbra_collaboration_suiteMatch9.0.0p10

synacor zimbra_collaboration_suiteMatch9.0.0p11

synacor zimbra_collaboration_suiteMatch9.0.0p12

synacor zimbra_collaboration_suiteMatch9.0.0p13

synacor zimbra_collaboration_suiteMatch9.0.0p14

synacor zimbra_collaboration_suiteMatch9.0.0p15

synacor zimbra_collaboration_suiteMatch9.0.0p16

synacor zimbra_collaboration_suiteMatch9.0.0p17

synacor zimbra_collaboration_suiteMatch9.0.0p18

synacor zimbra_collaboration_suiteMatch9.0.0p19

synacor zimbra_collaboration_suiteMatch9.0.0p2

synacor zimbra_collaboration_suiteMatch9.0.0p20

synacor zimbra_collaboration_suiteMatch9.0.0p21

synacor zimbra_collaboration_suiteMatch9.0.0p22

synacor zimbra_collaboration_suiteMatch9.0.0p23

synacor zimbra_collaboration_suiteMatch9.0.0p24

synacor zimbra_collaboration_suiteMatch9.0.0p24.1

synacor zimbra_collaboration_suiteMatch9.0.0p25

synacor zimbra_collaboration_suiteMatch9.0.0p26

synacor zimbra_collaboration_suiteMatch9.0.0p3

synacor zimbra_collaboration_suiteMatch9.0.0p4

synacor zimbra_collaboration_suiteMatch9.0.0p5

synacor zimbra_collaboration_suiteMatch9.0.0p6

synacor zimbra_collaboration_suiteMatch9.0.0p7

synacor zimbra_collaboration_suiteMatch9.0.0p8

synacor zimbra_collaboration_suiteMatch9.0.0p9

Node

synacor zimbra_collaboration_suiteMatch8.8.15-

synacor zimbra_collaboration_suiteMatch8.8.15p1

synacor zimbra_collaboration_suiteMatch8.8.15p10

synacor zimbra_collaboration_suiteMatch8.8.15p11

synacor zimbra_collaboration_suiteMatch8.8.15p12

synacor zimbra_collaboration_suiteMatch8.8.15p13

synacor zimbra_collaboration_suiteMatch8.8.15p14

synacor zimbra_collaboration_suiteMatch8.8.15p15

synacor zimbra_collaboration_suiteMatch8.8.15p16

synacor zimbra_collaboration_suiteMatch8.8.15p17

synacor zimbra_collaboration_suiteMatch8.8.15p18

synacor zimbra_collaboration_suiteMatch8.8.15p19

synacor zimbra_collaboration_suiteMatch8.8.15p2

synacor zimbra_collaboration_suiteMatch8.8.15p20

synacor zimbra_collaboration_suiteMatch8.8.15p21

synacor zimbra_collaboration_suiteMatch8.8.15p22

synacor zimbra_collaboration_suiteMatch8.8.15p23

synacor zimbra_collaboration_suiteMatch8.8.15p24

synacor zimbra_collaboration_suiteMatch8.8.15p25

synacor zimbra_collaboration_suiteMatch8.8.15p26

synacor zimbra_collaboration_suiteMatch8.8.15p27

synacor zimbra_collaboration_suiteMatch8.8.15p28

synacor zimbra_collaboration_suiteMatch8.8.15p29

synacor zimbra_collaboration_suiteMatch8.8.15p3

synacor zimbra_collaboration_suiteMatch8.8.15p30

synacor zimbra_collaboration_suiteMatch8.8.15p31

synacor zimbra_collaboration_suiteMatch8.8.15p31.1

synacor zimbra_collaboration_suiteMatch8.8.15p32

synacor zimbra_collaboration_suiteMatch8.8.15p33

synacor zimbra_collaboration_suiteMatch8.8.15p4

synacor zimbra_collaboration_suiteMatch8.8.15p5

synacor zimbra_collaboration_suiteMatch8.8.15p6

synacor zimbra_collaboration_suiteMatch8.8.15p7

synacor zimbra_collaboration_suiteMatch8.8.15p8

synacor zimbra_collaboration_suiteMatch8.8.15p9

Source	Link
wiki	www.wiki.zimbra.com/wiki/Security_Center
wiki	www.wiki.zimbra.com/wiki/Zimbra_Security_Advisories
secpod	www.secpod.com/blog/unpatched-rce-bug-in-zimbra-collaboration-suite-exploited-in-wild/
packetstormsecurity	www.packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html
forums	www.forums.zimbra.org/viewtopic.php
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

Parameter	Position	Path	Description	CWE
TARGET_PATH	path	/zimbra/public/<random>.jsp	Arbitrary JSP file written via tar/cpio path traversal during Zimbra CVE-2022-41352 exploit (writing to public web directory).	CWE-22
TARGET_FILENAME	path	/zimbra/public/<random>.jsp	Arbitrary JSP file written via tar/cpio path traversal during Zimbra CVE-2022-41352 exploit (writing to public web directory).	CWE-22

03 Nov 2025 16:27Current

9.4High risk

Vulners AI Score9.4

CVSS 3.19.8

EPSS0.93958

SSVC