Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite

Threat Level – Red | Vulnerability Report
Download PDF

The active exploitation of an unpatched CVE-2022-41352 remote code execution (RCE) vulnerability found in the Zimbra Collaboration Suite (ZCS). It empowers attackers to upload arbitrary files and execute malicious operations on vulnerable hosts. The bug exists as a result of amavis insecure fallback to utilizing cpio to extract files if the pax package is not installed on the system.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox