Zimbra Collaboration Server 8.8.x < 8.8.15 Patch 33 / 9.0.0 < 9.0.0 Patch 26 Multiple Vulnerabilities

critical Nessus Plugin ID 164341


The remote web server contains a web application that is affected by multiple vulnerabilities.


According to its self-reported version number, Zimbra Collaboration Server is affected by a multiple vulnerabilities, including the following:

- An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. The value of the X-Forwarded-Host header overwrites the value of the Host header in proxied requests. The value of X-Forwarded-Host header is not checked against the whitelist of hosts that ZCS is allowed to proxy to (the zimbraProxyAllowedDomains setting). (CVE-2022-37041)

- Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925. (CVE-2022-37042)

- An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. When using preauth, CSRF tokens are not checked on some POST endpoints. Thus, when an authenticated user views an attacker-controlled page, a request will be sent to the application that appears to be intended. The CSRF token is omitted from the request, but the request still succeeds. (CVE-2022-37043)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.


Upgrade to version 8.8.15 Patch 33, 9.0.0 Patch 26, or later.

See Also






Plugin Details

Severity: Critical

ID: 164341

File Name: zimbra_9_0_0_p26.nasl

Version: 1.4

Type: combined

Agent: unix

Family: CGI abuses

Published: 8/23/2022

Updated: 2/17/2023

Supported Sensors: Nessus Agent

Risk Information


Risk Factor: High

Score: 7.4


Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-2068


Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2022-37042

Vulnerability Information

CPE: cpe:/a:zimbra:collaboration_suite

Required KB Items: installed_sw/zimbra_zcs

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/12/2022

Vulnerability Publication Date: 8/12/2022

CISA Known Exploited Vulnerability Due Dates: 9/1/2022

Exploitable With

Metasploit (Zip Path Traversal in Zimbra (mboximport) (CVE-2022-27925))

Reference Information

CVE: CVE-2022-2068, CVE-2022-24407, CVE-2022-37041, CVE-2022-37042, CVE-2022-37043