CVE-2023-29382: 
Zimbra Collaboration Server vulnerability analysis and mitigation

A critical vulnerability (CVE-2023-29382) was discovered in Zimbra Collaboration ZCS versions 8.8.15 and 9.0, which allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component. The vulnerability was disclosed in July 2023 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating that it can be exploited remotely with low attack complexity and requires no privileges or user interaction. The vulnerability is classified under CWE-94 (Improper Control of Generation of Code) (NVD).

The vulnerability allows attackers to execute arbitrary code on affected systems, potentially leading to complete system compromise. The CVSS score of 9.8 indicates high impact ratings for confidentiality, integrity, and availability (NVD).

Zimbra has addressed this vulnerability by removing the unused JSP file which may bypass the Preauth verification. Users are advised to upgrade to Zimbra Collaboration versions 10.0.1, 9.0.0 Patch 33, or 8.8.15 Patch 40 which contain the security fix (Zimbra Security).