What the Vuln: Zimbra
- Date: February 21 at 2 p.m. ET/11 a.m. PT
- Location: Bishop Fox YouTube and LinkedIn
- Speakers: Carlos Yanez & Joe Sechman, AVP of R&D at Bishop Fox

Imagine that your organization’s web-based communication platform is vulnerable to hackers... can this give them access to sensitive information? And is this an entry point to launch more damaging exploitation operations in the long run? If the answer is yes (and it likely is), watch as we explore path traversal vulnerabilities in Zimbra, a web-based email, calendar, and collaboration suite in action since 2005.
In this inaugural episode of our What the Vuln series, Carlos Yanez, Security Consultant III, zeros in on CVE-2022-37042 and CVE-2022-27925, exploring the perils of remote code execution on web-based communications technology. We take a deep dive into the Zimbra Zip Path Traversal vulnerability and hear about unique exploit development techniques from start to finish.
Watch the first-ever What the Vuln livestream episode to hear from our security expert on:
- A Zimbra vulnerability discovery overview
- A step-by-step demo of the exploit development in action
- How to apply exploitation techniques to other vulnerabilities