CVE-2022-41352
Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability
CVSS
—
No CVSS
EPSS
95.5%
p100
KEV
YES
Oct 20, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
95.5%EPSS · 30 days95.5%
2026-06-302026-07-16
Product
Synacor / Zimbra Collaboration Suite (ZCS)
Vulnerability
Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability
Added to KEV
Oct 20, 2022
Remediate by
Nov 10, 2022
Known ransomware use
No
Summary description
Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to upload arbitrary files using cpio package to gain incorrect access to any other user accounts.
Required action
Apply updates per vendor instructions.
Notes
https://wiki.zimbra.com/wiki/Security_Center; https://nvd.nist.gov/vuln/detail/CVE-2022-41352
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2024-45519—100.0%
KEV—80Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability—CVE-2019-9670—100.0%
KEV—80Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference—CVE-2022-27925—99.9%
KEV—80Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability—CVE-2022-37042—99.8%
KEV—80Synacor Zimbra Collaboration Suite (ZCS) Authentication Bypass Vulnerability—CVE-2022-27924—99.7%
KEV—80Synacor Zimbra Collaboration Suite (ZCS) Command Injection Vulnerability—CVE-2019-9621—99.6%
KEV—80Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability—