Cybersecurity Alerts

Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability

Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to upload arbitrary files using cpio package to gain incorrect access to any other user accounts.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-22

References

• https://wiki.zimbra.com/wiki/Security_Center
• https://nvd.nist.gov/vuln/detail/CVE-2022-41352