CVE-2023-34193: 
Zimbra Collaboration Server vulnerability analysis and mitigation

A File Upload vulnerability was discovered in Zimbra ZCS 8.8.15, identified as CVE-2023-34193. The vulnerability allows an authenticated privileged user to execute arbitrary code and obtain sensitive information through the ClientUploader function. This vulnerability was disclosed and addressed in May 2023 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type). The issue specifically involves the ClientUploader functionality in Zimbra Collaboration Suite (ZCS) version 8.8.15 (NVD).

The vulnerability allows authenticated privileged users to execute arbitrary code on the system and access sensitive information. This presents a significant security risk as it could lead to unauthorized system access and data breaches (Zimbra Security).

As part of continuous improvement, the ClientUploader packages have been removed from the core product and moved to an optional package. This change was implemented in Zimbra versions Daffodil 10.0.1, 9.0.0 Patch 33, and 8.8.15 Patch 40 (Zimbra Advisories).