
Synacor Zimbra Collaboration MBoxImport Vulnerabilities

Released: Aug 25, 2022

Updated: Sep 06, 2022

Severity: High

Vendor: Zimbra

Attack Type

Zimbra Collaboration (ZCS) authentication bypass in the MailboxImportServlet functionality and arbitrary file upload vulnerability.

Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files. By bypassing authentication, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. The vulnerability exists due to an incomplete fix for CVE-2022-27925.
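The directory traversal described above comes from an extractor that trusts the entry names inside an uploaded ZIP. As an added example (not Zimbra or FortiGuard code; the function names and the in-memory sample archive are constructed for illustration), this Python code audits every entry path against the destination root and refuses the whole archive if any entry would land outside it:

```python
import io
import os
import zipfile


def build_sample_archive(include_unsafe=True):
    """Constructed sample: one benign entry plus, optionally, two unsafe ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("inbox/message1.eml", "Subject: hello\n")
        if include_unsafe:
            zf.writestr("../../outside/placeholder.txt", "escapes the root\n")
            zf.writestr("/tmp/absolute.txt", "absolute path\n")
    return buf.getvalue()


def audit_entries(archive, dest_root):
    """Return (safe, rejected) entry names for extraction under dest_root."""
    root = os.path.realpath(dest_root)
    safe, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            # Normalise separators so "..\\" is treated like "../".
            name = info.filename.replace("\\", "/")
            target = os.path.realpath(os.path.join(root, name))
            inside = os.path.commonpath([root, target]) == root
            if name.startswith("/") or ".." in name.split("/") or not inside:
                rejected.append(info.filename)
            else:
                safe.append(info.filename)
    return safe, rejected


def extract_safely(archive, dest_root):
    """Fail closed: extract nothing if any entry resolves outside dest_root."""
    safe, rejected = audit_entries(archive, dest_root)
    if rejected:
        raise ValueError(f"refusing archive, unsafe entries: {rejected}")
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        zf.extractall(dest_root, members=safe)
    return safe
```

Rejecting the whole upload, rather than silently skipping or rewriting bad entries, also leaves a clear event to log and alert on.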

Common Vulnerabilities and Exposures



Zimbra Collaboration is an email and collaboration platform and productivity suite that includes contacts, calendar, tasks, chat, file sharing, and more. According to Zimbra's blog, the Collaboration software is used in more than 140 countries and by over 1,000 government and financial institutions.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.

8/10/2022: Zimbra blog posted

8/16/2022: The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued a joint cybersecurity advisory on vulnerabilities in Zimbra Collaboration that are actively leveraged in the field by threat actors. The advisory covers five CVEs: CVE-2022-24682, CVE-2022-27924, CVE-2022-27925, CVE-2022-37042, and CVE-2022-30333. CISA advisory:

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.

  • AV

  • AV (Pre-filter)

  • IPS

  • Web App Security

  • Outbreak Detection

  • Threat Hunting

  • Content Update

  • Assisted Response Services

  • Automated Response

  • NOC/SOC Training

  • End-User Training

  • Attack Surface Hardening

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
