Threat Advisory

Zimbra Affected with a Zero-Day Vulnerability

October 21, 2022 | By Accorian

Recently, Zimbra released patches to address a vulnerability in their enterprise collaboration software that was being aggressively abused and that could be used to upload arbitrary files to affected instances. The bug has the CVE-2022-41352 identifier and a 9.8 CVSS rating. The Zimbra Suite’s Amavis component is impacted by the flaw. Amavis is an open-source content filter, and the cpio tool it employs for scanning and extracting archives is part of that. Incorrect access to other user accounts may be achieved by an attacker using the cpio package, according to Zimbra.

An attacker must send an email containing a specially constructed TAR archive attachment in order to exploit the vulnerability. When Amavis receives the email, it submits it, and the cpio module is utilized to launch the exploit. Approximately 1,600 Zimbra servers are infected, the incident response report indicates.

With ZCS version 9.0.0 P27 and Zimbra 8.8.15 Patch 34, Zimbra fixed this vulnerability by substituting Pax for the vulnerable component (cpio) and removing the weak link that allows for exploitation. All Zimbra users are encouraged by Accorian to update to the most recent versions.

Accorian can help identify this vulnerability in your environment. 


Threat Advisory Team 


Recent Post

    Ready to Start?

      Ready to Start?

        Download Case study

          Download Guide

          Human Resources Director

          Posted On: 09 May, 2022

          Drop your CVs to

            Interested Position

            First Name

            Last Name


            Total Experience

            Mobile Number

            Upload Resume