Collaboration@* Security Vulnerabilities and Issues — Collaboration@* CVE List

Lucene search

ZimbraCollaboration*

7 matches found

CVE•added 2024/10/02 10:15 p.m.•374 views

CVE-2024-45519

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.

10CVSS7.4AI score0.9415EPSS

In wild

CVE•added 2021/07/02 7:15 p.m.•91 views

CVE-2021-34807

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL...

6.1CVSS6AI score0.00841EPSS

CVE•added 2023/12/07 5:15 a.m.•77 views

CVE-2023-41106

An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. An attacker can gain access to a Zimbra account. This is also fixed in 9.0.0 Patch 35 and 8.8.15 Patch 42.

7.5CVSS7.5AI score0.00369EPSS

CVE•added 2024/02/13 6:15 p.m.•63 views

CVE-2023-50808

Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Modern UI.

9.1CVSS7AI score0.00539EPSS

CVE•added 2020/12/17 4:15 a.m.•61 views

CVE-2020-35123

In Zimbra Collaboration Suite Network Edition versions

6.5CVSS6.2AI score0.00919EPSS

CVE•added 2023/12/07 6:15 a.m.•45 views

CVE-2023-43103

An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36.

6.1CVSS5.9AI score0.0042EPSS

CVE•added 2023/12/07 6:15 a.m.•39 views

CVE-2023-43102

An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. An XSS issue can be exploited to access the mailbox of an authenticated user. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36.

6.1CVSS5.8AI score0.00481EPSS