CVE-2022-45911
https://notcve.org/view.php?id=CVE-2022-45911
An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur on the Classic UI login page by injecting arbitrary JavaScript code in the username field. This occurs before the user logs into the system, which means that even if the attacker executes arbitrary JavaScript, they will not get any sensitive information. Se descubrió un problema en Zimbra Collaboration (ZCS) 9.0. XSS puede ocurrir en la página de inicio de sesión de la IU clásica inyectando código JavaScript arbitrario en el campo username. • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-45912
https://notcve.org/view.php?id=CVE-2022-45912
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution. Se descubrió un problema en Zimbra Collaboration (ZCS) 8.8.15 y 9.0. La ejecución remota de código puede realizarse a través de ClientUploader por parte de un usuario administrador autenticado. • https://gist.github.com/Threonic/e90c85e11e1ac925ff57783988779e76 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2022-41348
https://notcve.org/view.php?id=CVE-2022-41348
An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via the onerror attribute of an IMG element, leading to information disclosure. Se ha detectado un problema en Zimbra Collaboration (ZCS) versión 9.0. Puede producirse un ataque de tipo XSS por medio del atributo onerror de un elemento IMG, conllevando a una divulgación de información • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-41347
https://notcve.org/view.php?id=CVE-2022-41347
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root. Se ha detectado un problema en Zimbra Collaboration (ZCS) versiones 8.8.x y 9.x (por ejemplo, 8.8.15). La configuración Sudo permite al usuario zimbra ejecutar el binario NGINX como root con parámetros arbitrarios. • https://darrenmartyn.ie/2021/10/25/zimbra-nginx-local-root-exploit https://github.com/darrenmartyn/zimbra-hinginx https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories •
CVE-2022-41352 – Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2022-41352
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio. • https://github.com/rxerium/CVE-2022-41352 http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html https://forums.zimbra.org/viewtopic.php?t=71153&p=306532 https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://www.secpod.com/blog/unpatched-rce-bug-in-zimbra-collaboration-suite-exploited-in-wild https://blog.zimbra.com/2022/09/security-update-make-sure-to-install-pax-spax https://www.openwall.com/list • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •