{"id":"CVE-2023-34193","details":"File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function.","modified":"2026-04-11T12:45:18.793972Z","published":"2023-07-06T16:15:10.100Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"8.8.15-p10"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p10:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.8.15-p12"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p12:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.8.15-p13"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p13:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.8.15-p14"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p14:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.8.15-p15"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p15:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.8.15-p16"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p16:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.8.15-p17"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p17:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.8.15-p18"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p18:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.8.15-p19"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p19:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.8.15-p21"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p21:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.8.15-p22"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p22:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.8.15-p23"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p23:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.8.15-p24"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p24:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.8.15-p25"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p25:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.8.15-p27"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p27:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.8.15-p28"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p28:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.8.15-p29"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p29:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.8.15-p2"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p2:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.8.15-p37"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p37:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.8.15-p4"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p4:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.8.15-p6"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p6:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.8.15-p7"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p7:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.8.15-p8"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p8:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.8.15-p9"}],"cpe":"cpe:2.3:a:zimbra:collaboration:8.8.15:p9:*:*:*:*:*:*","source":"CPE_FIELD"}]},"references":[{"type":"WEB","url":"https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy"},{"type":"ADVISORY","url":"https://wiki.zimbra.com/wiki/Security_Center"},{"type":"ADVISORY","url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/zimbra/zm-build","events":[{"introduced":"0"},{"last_affected":"ac6081fa002b1511e926aba37740d2b6c20f3f43"},{"last_affected":"29eea219faf34718f0ef1cda7c3f02c89910c96c"},{"last_affected":"62480d2f6aace77ee01bb4b8f46a3eff49cbdfd3"},{"last_affected":"71b1626efff0a90ba64ff3e5ab192683e6dccc9a"},{"last_affected":"905970576d6fe337150f09c0ad7a0f53aa1a8f42"},{"last_affected":"5ae8f73501330bc788daed9c82c1222857d85b8b"},{"last_affected":"fe985a33cb83f82816a1e8f93d8d864112a6504e"},{"last_affected":"b7209ef3fd859fda5537cc7fbfdeb97cbd1ab931"},{"last_affected":"6c2b2cd41fa3625cbd1c12f4e14e07eece395a31"},{"last_affected":"3dbd48fe84d22132463b3758e3a40be19267fc9f"},{"last_affected":"dbb831c2de39b20cda7ea1e0063645d3cb6d1770"},{"last_affected":"0e40da921adb967639011de45841cef4c4601413"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"8.8.15-NA"},{"last_affected":"8.8.15-p1"},{"last_affected":"8.8.15-p11"},{"last_affected":"8.8.15-p20"},{"last_affected":"8.8.15-p26"},{"last_affected":"8.8.15-p3"},{"last_affected":"8.8.15-p30"},{"last_affected":"8.8.15-p31"},{"last_affected":"8.8.15-p32"},{"last_affected":"8.8.15-p33"},{"last_affected":"8.8.15-p34"},{"last_affected":"8.8.15-p35"},{"last_affected":"8.8.15-p5"}],"cpe":["cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*","cpe:2.3:a:zimbra:collaboration:8.8.15:p1:*:*:*:*:*:*","cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*","cpe:2.3:a:zimbra:collaboration:8.8.15:p20:*:*:*:*:*:*","cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*","cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*","cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*","cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*","cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*","cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*","cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*","cpe:2.3:a:zimbra:collaboration:8.8.15:p35:*:*:*:*:*:*","cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*"],"source":"CPE_FIELD"}}],"versions":["8.8.15","8.8.15.U20","8.8.15.p11","8.8.15.p26","8.8.15.p3","8.8.15.p30","8.8.15.p31","8.8.15.p32","8.8.15.p33","8.8.15.p34","8.8.15.p35","8.8.15.p5"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-34193.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}