Bug 80338 (Feb 2013) is a Local File Inclusion vulnerability that leads to potential Privilege Escalation:
Bug 80338: Privilege Escalation via LFI
CVE: https://web.nvd.nist.gov/view/vuln/deta ... -2013-7091
Affected versions: 7.2.2 and 8.0.2 and all previous releases
Bug 84547 is a newer Critical Security Vulnerability (Dec 2013) that has not had further details released (in order to protect other customers):
Bug 84547: Critical Security Vulnerability
CVE: https://web.nvd.nist.gov/view/vuln/deta ... -2013-7217
Affected Versions: 7.2.5 and 8.0.5 and all previous releases (except 7.1.4, 7.2.0, 7.2.0 Patch 1, and 7.2.1, which are not susceptible to Bug 84547)
There is great urgency for getting this patched on your platform, as there is an exploit for Bug 80338 in the wild, discussed here:
Security Guidance for reported "0day Exploit"
http://www.exploit-db.com/exploits/30085/
And it has been used to install or upload rogue Zimlets and bitcoin mining processes (and potentially others) on some customer systems. You can read about the clean-up steps for this here:
https://wiki.zimbra.com/wiki/Investigat ... ng_Systems
As noted, there are patches and upgrades available here:
http://info.zimbra.com/zimbra-news-new- ... ing-events
Critical Security Patches posted for 8.0.X/7.2.X
Critical Security Vulnerability Addressed in 7.2.6/8.0.6 Maintenance Releases
Please let us know if you have further questions. Please upgrade or patch at the first opportunity. Sorry for the difficulties on this.