Zimbra file upload enabling webshell deployment. Chained with CVE-2022-37042 auth bypass for unauthenticated exploitation. Apply August 2022 patches and audit for webshells in Zimbra webroot directories.
Zimbra Collaboration arbitrary file upload via mboximport functionality when authenticated as an administrator.
Supernova subscribers receive AI-triaged CVE alerts the moment they're published — before the PoC drops.
Start Supernova — $99/mo →