CVE-2023-34193

EPSS 0.34%
Veröffentlicht 06.07.2023 16:15:10
Zuletzt bearbeitet 21.11.2024 08:06:44
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zimbra ≫ Collaboration Version8.8.15 Update-

Zimbra ≫ Collaboration Version8.8.15 Updatep1

Zimbra ≫ Collaboration Version8.8.15 Updatep10

Zimbra ≫ Collaboration Version8.8.15 Updatep11

Zimbra ≫ Collaboration Version8.8.15 Updatep12

Zimbra ≫ Collaboration Version8.8.15 Updatep13

Zimbra ≫ Collaboration Version8.8.15 Updatep14

Zimbra ≫ Collaboration Version8.8.15 Updatep15

Zimbra ≫ Collaboration Version8.8.15 Updatep16

Zimbra ≫ Collaboration Version8.8.15 Updatep17

Zimbra ≫ Collaboration Version8.8.15 Updatep18

Zimbra ≫ Collaboration Version8.8.15 Updatep19

Zimbra ≫ Collaboration Version8.8.15 Updatep2

Zimbra ≫ Collaboration Version8.8.15 Updatep20

Zimbra ≫ Collaboration Version8.8.15 Updatep21

Zimbra ≫ Collaboration Version8.8.15 Updatep22

Zimbra ≫ Collaboration Version8.8.15 Updatep23

Zimbra ≫ Collaboration Version8.8.15 Updatep24

Zimbra ≫ Collaboration Version8.8.15 Updatep25

Zimbra ≫ Collaboration Version8.8.15 Updatep26

Zimbra ≫ Collaboration Version8.8.15 Updatep27

Zimbra ≫ Collaboration Version8.8.15 Updatep28

Zimbra ≫ Collaboration Version8.8.15 Updatep29

Zimbra ≫ Collaboration Version8.8.15 Updatep3

Zimbra ≫ Collaboration Version8.8.15 Updatep30

Zimbra ≫ Collaboration Version8.8.15 Updatep31

Zimbra ≫ Collaboration Version8.8.15 Updatep32

Zimbra ≫ Collaboration Version8.8.15 Updatep33

Zimbra ≫ Collaboration Version8.8.15 Updatep34

Zimbra ≫ Collaboration Version8.8.15 Updatep35

Zimbra ≫ Collaboration Version8.8.15 Updatep37

Zimbra ≫ Collaboration Version8.8.15 Updatep4

Zimbra ≫ Collaboration Version8.8.15 Updatep5

Zimbra ≫ Collaboration Version8.8.15 Updatep6

Zimbra ≫ Collaboration Version8.8.15 Updatep7

Zimbra ≫ Collaboration Version8.8.15 Updatep8

Zimbra ≫ Collaboration Version8.8.15 Updatep9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.34%	0.56

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

Vendor Advisory

https://wiki.zimbra.com/wiki/Security_Center

Vendor Advisory

Release Notes

https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy

Not Applicable

https://nvd.nist.gov/vuln/detail/CVE-2023-34193

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-34193

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-34193

EUVD