Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2024-9665

🗓️ 22 Nov 2024 21:02:44Reported by zdiType 
cve
 cve🔗 web.nvd.nist.gov👁 98 Views

Zimbra GraphQL vulnerability allows remote attackers to disclose sensitive information and execute CSRF attacks by tricking users to open a malicious email

Related
Detection
Affected
Refs
ReporterTitlePublishedViews
Family
BDU FSTEC		The vulnerability in the built-in GraphQL client of the Zimbra Collaboration Suite (ZCS) corporate email management system allows a attacker to perform a CSRF attack and expose sensitive information.
28 Oct 202400:00
bdu_fstec
Circl		CVE-2024-9665
11 Oct 202405:00
circl
CNNVD		Zimbra 跨站请求伪造漏洞
22 Nov 202400:00
cnnvd
Cvelist		CVE-2024-9665 Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability
22 Nov 202421:02
cvelist
EUVD		EUVD-2024-50324
3 Oct 202520:07
euvd
NVD		CVE-2024-9665
22 Nov 202421:15
nvd
Positive Technologies		PT-2024-7260 · Zimbra · Zimbra Collaboration Suite
5 Jun 202400:00
ptsecurity
Vulnrichment		CVE-2024-9665 Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability
22 Nov 202421:02
vulnrichment
Zero Day Initiative		Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability
11 Oct 202400:00
zdi
Tenable Nessus		Zimbra Collaboration Server 9.0.0 < 9.0.0 Patch 42, 10.0 < 10.0.10, 10.1.0 < 10.1.2 CSRF
17 Oct 202400:00
nessus
Rows per page
NVD
Vulners
Node
zimbrazimbraRange<9.0.0
OR
zimbrazimbraRange10.0.010.0.10
OR
zimbrazimbraRange10.1.010.1.2
OR
zimbrazimbraMatch9.0.0p0
OR
zimbrazimbraMatch9.0.0p19
OR
zimbrazimbraMatch9.0.0p23
OR
zimbrazimbraMatch9.0.0p25
OR
zimbrazimbraMatch9.0.0p26
OR
zimbrazimbraMatch9.0.0p27
OR
zimbrazimbraMatch9.0.0p28
OR
zimbrazimbraMatch9.0.0p30
OR
zimbrazimbraMatch9.0.0p31
OR
zimbrazimbraMatch9.0.0p33
OR
zimbrazimbraMatch9.0.0p34
OR
zimbrazimbraMatch9.0.0p35
OR
zimbrazimbraMatch9.0.0p36
OR
zimbrazimbraMatch9.0.0p37
OR
zimbrazimbraMatch9.0.0p38
OR
zimbrazimbraMatch9.0.0p39
OR
zimbrazimbraMatch9.0.0p4
OR
zimbrazimbraMatch9.0.0p40
OR
zimbrazimbraMatch9.0.0p41
OR
zimbrazimbraMatch9.0.0p7
OR
zimbrazimbraMatch9.0.0p7.1
[
  {
    "vendor": "Zimbra",
    "product": "Zimbra",
    "versions": [
      {
        "version": "10.0.8",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Jun 2026 08:25Current
6.4Medium risk
Vulners AI Score6.4
CVSS 3.16.5
CVSS 36.5
EPSS0.00465
SSVC
CWE-352
zimbragraphqlvulnerabilityremote attackerssensitive informationcsrfemail.
98