Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zimbra collaboration suite vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-18985
An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows malicious users to redirect users to any arbitrary website of their choosing.
Synacor Zimbra Collaboration Suite 8.8.12
6.5
CVSSv3
CVE-2020-35123
In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. This has been fixed in Zimbra Collaboration Suite Network edition 9.0.0 Patch 10 and 8...
Zimbra Collaboration
Zimbra Collaboration 8.8.15
Zimbra Collaboration 9.0.0
7.5
CVSSv3
CVE-2019-9621
Zimbra Collaboration Suite prior to 8.6 patch 13, 8.7.x prior to 8.7.11 patch 10, and 8.8.x prior to 8.8.10 patch 7 or 8.8.x prior to 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
Zimbra Collaboration Server 8.6.0
Zimbra Collaboration Server
Zimbra Collaboration Server 8.7.11
Zimbra Collaboration Server 8.8.10
Zimbra Collaboration Server 8.8.11
2 EDB exploits
2 Github repositories
6.1
CVSSv3
CVE-2021-35207
An issue exists in Zimbra Collaboration Suite 8.8 prior to 8.8.15 Patch 23 and 9.0 prior to 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginE...
Zimbra Collaboration
Zimbra Collaboration 8.8.15
Zimbra Collaboration 9.0.0
6.1
CVSSv3
CVE-2021-34807
An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite up to and including 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker c...
Zimbra Collaboration
Zimbra Collaboration 8.8.15
Zimbra Collaboration 9.0.0
9.8
CVSSv3
CVE-2021-35209
An issue exists in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 prior to 8.8.15 Patch 23 and 9.x prior to 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is not che...
Zimbra Collaboration
Zimbra Collaboration 8.8.15
Zimbra Collaboration 9.0.0
9.8
CVSSv3
CVE-2022-41352
An issue exists in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over...
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
1 Metasploit module
4 Github repositories
1 Article
5.4
CVSSv3
CVE-2021-35208
An issue exists in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x prior to 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to b...
Zimbra Collaboration
Zimbra Collaboration 8.8.15
6.1
CVSSv3
CVE-2022-24682
An issue exists in the Calendar feature in Zimbra Collaboration Suite 8.8.x prior to 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unesca...
Zimbra Collaboration 8.8.15
Zimbra Collaboration
1 Github repository
1 Article
7.2
CVSSv3
CVE-2022-27925
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
1 Metasploit module
13 Github repositories
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »