Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zimbra collaboration 8.8.15 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2022-32294
Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port). NOTE: a third party reports that this cannot be reproduced.
Zimbra Collaboration 8.8.15
7.5
CVSSv2
CVE-2021-35209
An issue exists in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 prior to 8.8.15 Patch 23 and 9.x prior to 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is not che...
Zimbra Collaboration
Zimbra Collaboration 8.8.15
Zimbra Collaboration 9.0.0
6.8
CVSSv2
CVE-2020-7796
Zimbra Collaboration Suite (ZCS) prior to 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 8.8.15
6.5
CVSSv2
CVE-2022-27925
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
1 Metasploit module
13 Github repositories
1 Article
6
CVSSv2
CVE-2020-12846
Zimbra prior to 8.8.15 Patch 10 and 9.x prior to 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox ...
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 8.8.15
Synacor Zimbra Collaboration Suite 9.0.0
5.8
CVSSv2
CVE-2021-34807
An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite up to and including 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker c...
Zimbra Collaboration
Zimbra Collaboration 8.8.15
Zimbra Collaboration 9.0.0
5
CVSSv2
CVE-2022-30333
RARLAB UnRAR prior to 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
Rarlab Unrar
2 Metasploit modules
4 Github repositories
1 Article
5
CVSSv2
CVE-2022-27924
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated malicious user to inject arbitrary memcache commands into a targeted instance. These memcache commands becomes unescaped, causing an overwrite of arbitrary cached entries.
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
1 Github repository
1 Article
5
CVSSv2
CVE-2020-8633
An issue exists in Zimbra Collaboration Suite (ZCS) prior to 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible.
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 8.8.15
4.3
CVSSv2
CVE-2022-24682
An issue exists in the Calendar feature in Zimbra Collaboration Suite 8.8.x prior to 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unesca...
Zimbra Collaboration 8.8.15
Zimbra Collaboration
1 Github repository
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »