In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).Referenceshttps://wiki.zimbra.com/wiki/Zimbra_Security_Advisorieshttps://wiki.zimbra.com/wiki/Security_Center
