Lucene search

Kaspersky LabKLA10863

HistoryAug 22, 1970 - 12:00 a.m.

KLA10863 Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration

1970-08-2200:00:00

Kaspersky Lab

threats.kaspersky.com

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

46.5%

JSON

Detect date:

08/22/1970

Severity:

Warning

Description:

Multiple serious vulnerabilities have been found in Zimbra Collaboration. Malicious users can exploit these vulnerabilities to inject arbitrary code.

Affected products:

Zimbra Collaboration before 8.7.0

Solution:

Update to the latest version
ZIMBRA COLLABORATION

Original advisories:

Zimbra Advisory

Impacts:

Related products:

Zimbra Desktop

CVE-IDS:

CVE-2016-5721

References

www.zimbra.com/downloads/zimbra-collaboration/

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5721

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/product/Zimbra-Desktop/

www.zimbra.com/email-server-software/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

46.5%

JSON

Related for KLA10863