NVD - CVE-2022-41352 (original) (raw)

Description

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST CVSS score

NIST: NVD

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST CVSS score

NIST: NVD

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html CVE, MITRE Exploit Third Party Advisory VDB Entry
https://forums.zimbra.org/viewtopic.php?t=71153&p=306532 CVE, MITRE Mitigation Vendor Advisory
https://wiki.zimbra.com/wiki/Security_Center CVE, MITRE Patch Release Notes Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories CVE, MITRE Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41352 CISA-ADP US Government Resource
https://www.secpod.com/blog/unpatched-rce-bug-in-zimbra-collaboration-suite-exploited-in-wild/ CVE, MITRE Third Party Advisory

This CVE is in CISA's Known Exploited Vulnerabilities Catalog

Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and requirements.

Vulnerability Name Date Added Due Date Required Action
Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability 10/20/2022 11/10/2022 Apply updates per vendor instructions.

Weakness Enumeration

CWE-ID CWE Name Source
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') cwe source acceptance level NIST CISA-ADP

Known Affected Software Configurations Switch to CPE 2.2

Change History

15 change records found show changes

Modified Analysis by NIST 11/03/2025 11:27:33 AM

Action Type Old Value New Value
Changed CPE Configuration OR *cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:* *cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:* Record truncated, showing 2048 of 2759 characters. View Entire Change Record OR *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p1:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:-:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p6:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p5:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p3:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p4:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p10:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p11:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p12:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p13:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p14:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p15:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p16:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p17:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p2:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p7:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p8:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p9:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p18:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p19:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p20:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p21:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p22:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p23:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p24:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p25:*:*:*:*:*:*
Added CPE Configuration Record truncated, showing 2048 of 2178 characters. View Entire Change Record OR *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:-:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p1:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p2:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p10:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p11:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p12:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p13:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p14:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p15:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p16:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p17:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p18:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p19:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p20:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p21:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p22:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p23:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p3:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p24:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p24.1:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p25:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p26:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p4:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p5:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p6:*:*:*:*:*:* *cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p7:*:*:*:*:*:* *cpe:2.3:a:sy
Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field\_cve=CVE-2022-41352 Types: US Government Resource

CVE Modified by CISA-ADP 10/21/2025 8🔞11 PM

Action Type Old Value New Value
Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field\_cve=CVE-2022-41352

CVE Modified by CISA-ADP 10/21/2025 4:19:15 PM

Action Type Old Value New Value
Removed Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field\_cve=CVE-2022-41352

CVE Modified by CISA-ADP 10/21/2025 3:19:49 PM

Action Type Old Value New Value
Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field\_cve=CVE-2022-41352

Modified Analysis by NIST 4/03/2025 2:54:44 PM

Action Type Old Value New Value

CVE CISA KEV Update by Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government 2/24/2025 9:00:02 PM

Action Type Old Value New Value
Changed Vulnerability Name Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability

CVE Modified by CISA-ADP 2/03/2025 10:15:14 AM

Action Type Old Value New Value
Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Added CWE CWE-22

CVE Modified by CVE 11/21/2024 2:23:06 AM

Action Type Old Value New Value
Added Reference http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html
Added Reference https://forums.zimbra.org/viewtopic.php?t=71153&p=306532
Added Reference https://wiki.zimbra.com/wiki/Security\_Center
Added Reference https://wiki.zimbra.com/wiki/Zimbra\_Security\_Advisories
Added Reference https://www.secpod.com/blog/unpatched-rce-bug-in-zimbra-collaboration-suite-exploited-in-wild/

CVE Modified by MITRE 5/14/2024 7:31:12 AM

Action Type Old Value New Value

Modified Analysis by NIST 1/31/2024 8:06:56 PM

Action Type Old Value New Value
Changed Reference Type https://www.secpod.com/blog/unpatched-rce-bug-in-zimbra-collaboration-suite-exploited-in-wild/ No Types Assigned https://www.secpod.com/blog/unpatched-rce-bug-in-zimbra-collaboration-suite-exploited-in-wild/ Third Party Advisory

CVE Modified by MITRE 10/09/2023 8:15:10 PM

Action Type Old Value New Value
Changed Description An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavisd automatically prefers it over cpio. An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.
Added Reference https://www.secpod.com/blog/unpatched-rce-bug-in-zimbra-collaboration-suite-exploited-in-wild/ [No Types Assigned]

CWE Remap by NIST 8/08/2023 10:22:24 AM

Action Type Old Value New Value
Changed CWE CWE-434 CWE-22

Modified Analysis by NIST 11/09/2022 3:42:16 PM

Action Type Old Value New Value
Changed Reference Type http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html No Types Assigned http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html Exploit, Third Party Advisory, VDB Entry

CVE Modified by MITRE 10/20/2022 1:15:10 PM

Action Type Old Value New Value
Added Reference http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html [No Types Assigned]

Initial Analysis by NIST 9/29/2022 11:10:14 AM

Action Type Old Value New Value
Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Added CWE NIST CWE-434
Added CPE Configuration OR *cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:* *cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*
Changed Reference Type https://forums.zimbra.org/viewtopic.php?t=71153&p=306532 No Types Assigned https://forums.zimbra.org/viewtopic.php?t=71153&p=306532 Mitigation, Vendor Advisory
Changed Reference Type https://wiki.zimbra.com/wiki/Security\_Center No Types Assigned https://wiki.zimbra.com/wiki/Security\_Center Patch, Release Notes, Vendor Advisory
Changed Reference Type https://wiki.zimbra.com/wiki/Zimbra\_Security\_Advisories No Types Assigned https://wiki.zimbra.com/wiki/Zimbra\_Security\_Advisories Vendor Advisory