CVE-2022-45912: 
Zimbra Collaboration Server vulnerability analysis and mitigation

An issue was discovered in Zimbra Collaboration (ZCS) versions 8.8.15 and 9.0. The vulnerability allows remote code execution through ClientUploader functionality. Initially reported in December 2022, this vulnerability enables an authenticated administrator to upload files through the ClientUploader utility and traverse to any other directory for remote code execution (NVD).

The vulnerability is tracked as CVE-2022-45912 and has been assigned a CVSS v3.1 Base Score of 7.2 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type). The issue specifically involves the ClientUploader component, where authenticated administrators can perform directory traversal during file uploads, potentially leading to remote code execution (NVD).

The successful exploitation of this vulnerability can result in remote code execution on affected Zimbra Collaboration Suite servers. This could potentially lead to complete system compromise, allowing attackers to gain unauthorized access to sensitive data, modify system configurations, and potentially execute arbitrary commands on the affected system (NVD).