Vulnerabilites related to synacor - zimbra_collaboration_suite
Vulnerability from fkie_nvd
Published
2019-05-29 22:29
Modified
2024-11-21 03:48
Severity ?
Summary
Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * | |
| synacor | zimbra_collaboration_suite | * | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.8.9 | |
| synacor | zimbra_collaboration_suite | 8.8.9 | |
| synacor | zimbra_collaboration_suite | 8.8.9 | |
| synacor | zimbra_collaboration_suite | 8.8.9 | |
| synacor | zimbra_collaboration_suite | 8.8.9 | |
| synacor | zimbra_collaboration_suite | 8.8.9 | |
| synacor | zimbra_collaboration_suite | 8.8.9 | |
| synacor | zimbra_collaboration_suite | 8.8.10 | |
| synacor | zimbra_collaboration_suite | 8.8.10 | |
| synacor | zimbra_collaboration_suite | 8.8.10 | |
| synacor | zimbra_collaboration_suite | 8.8.10 | |
| synacor | zimbra_collaboration_suite | 8.8.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6583F958-D828-474A-8C51-22B735F7CD2A",
"versionEndExcluding": "8.7.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "172EF781-F36D-49D1-8E80-5F344551F543",
"versionEndExcluding": "8.8.9",
"versionStartIncluding": "8.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:-:*:*:*:*:*:*",
"matchCriteriaId": "A98A1461-959C-4FC5-8860-76C3A9605F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p1:*:*:*:*:*:*",
"matchCriteriaId": "F64CBF7B-63AB-4523-84B9-D86F64DAB4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p2:*:*:*:*:*:*",
"matchCriteriaId": "D411A60B-BFA0-4B47-BF7B-D21AAFFC9E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p3:*:*:*:*:*:*",
"matchCriteriaId": "0ADC2E0E-9365-46AA-85AC-DF2B5C791833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p4:*:*:*:*:*:*",
"matchCriteriaId": "5ADA2C87-BDA0-485B-8BF3-EE1E1DC1C4BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p5:*:*:*:*:*:*",
"matchCriteriaId": "E28795C8-62FF-4C68-A469-8A2AD309E28B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p6:*:*:*:*:*:*",
"matchCriteriaId": "08339B97-5558-4DF5-8CB7-6CEB91328CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:-:*:*:*:*:*:*",
"matchCriteriaId": "01E60F13-49E8-45C7-80D0-3FE174C26AA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p1:*:*:*:*:*:*",
"matchCriteriaId": "7721C638-63F3-4FB4-9DBC-7781A16EDEB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p2:*:*:*:*:*:*",
"matchCriteriaId": "B1FFA288-70EA-4A51-911A-C79E3359EAD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p3:*:*:*:*:*:*",
"matchCriteriaId": "67940E89-EDDC-4B17-BE1D-A1C00A80B315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p4:*:*:*:*:*:*",
"matchCriteriaId": "CB504F6B-DD81-46F6-A3E2-B0EDA70E23BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p7:*:*:*:*:*:*",
"matchCriteriaId": "231D52D8-CD5A-4C21-AFBE-07992E004D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p8:*:*:*:*:*:*",
"matchCriteriaId": "398502C2-F94A-4564-BD03-864B4B314389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:-:*:*:*:*:*:*",
"matchCriteriaId": "EEE708DD-3340-4190-B3B0-D102D798C091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p2:*:*:*:*:*:*",
"matchCriteriaId": "DB9C1A1E-A45A-43BF-87E1-5B4A03BB8101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p3:*:*:*:*:*:*",
"matchCriteriaId": "1BA23A8E-2ADF-4EAC-93FA-CBFA9108D4B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p4:*:*:*:*:*:*",
"matchCriteriaId": "17C10530-F184-424C-928D-68A2FB737692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.11:-:*:*:*:*:*:*",
"matchCriteriaId": "A0B38B6A-83D3-4983-A4E7-4A1418C3F0D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients."
},
{
"lang": "es",
"value": "Synacor Zimbra Collaboration Suite Collaboration anteriores a la versi\u00f3n 8.8.11, tiene una vulnerabilidad de tipo XSS en los clientes web AJAX y html."
}
],
"id": "CVE-2018-14013",
"lastModified": "2024-11-21T03:48:26.807",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-29T22:29:00.883",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/151472/Zimbra-Collaboration-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2019/01/30/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106787"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109017"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109018"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/151472/Zimbra-Collaboration-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2019/01/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-04 01:29
Modified
2024-11-21 03:34
Severity ?
Summary
Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.zimbra.com/show_bug.cgi?id=107878 | Issue Tracking, Permissions Required, Vendor Advisory | |
| cve@mitre.org | https://bugzilla.zimbra.com/show_bug.cgi?id=107885 | Issue Tracking, Permissions Required, Vendor Advisory | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Security_Center | Patch, Vendor Advisory | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.zimbra.com/show_bug.cgi?id=107878 | Issue Tracking, Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.zimbra.com/show_bug.cgi?id=107885 | Issue Tracking, Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Security_Center | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B2F81FB-C848-45D9-9693-96C57DB8400B",
"versionEndExcluding": "8.7.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS."
},
{
"lang": "es",
"value": "Synacor Zimbra Collaboration Suite (ZCS) en versiones anteriores a la 8.7.10 tiene XSS persistente."
}
],
"id": "CVE-2017-8783",
"lastModified": "2024-11-21T03:34:41.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-04T01:29:00.307",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=107878"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=107885"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=107878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=107885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-30 16:29
Modified
2024-11-21 03:50
Severity ?
Summary
An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.zimbra.com/show_bug.cgi?id=109012 | Exploit, Issue Tracking, Third Party Advisory | |
| nvd@nist.gov | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.zimbra.com/show_bug.cgi?id=109012 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A91CE8F-5E21-459E-A253-A1706357B82B",
"versionEndExcluding": "8.7.11",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48C99285-82BF-4C22-991C-D3742B19AFED",
"versionEndExcluding": "8.8.8",
"versionStartIncluding": "8.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "09016525-12F2-49D0-A803-E38294FE3EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "A640E533-4AB8-4DBA-B59C-3CCDE507155F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "0557E4A7-8D49-4B68-8DA1-BADCC319E465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "EFFA097D-1FAC-41A9-BF40-004BBE4F4777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "957B3D6D-DDA6-4770-B8B1-8CDF95E87140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "E48E062A-8658-4006-856E-CBABE57FE00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "C611DEE3-3574-4DCB-90F7-E80831365662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "64824D2C-D71F-49AB-83E7-C26359DF81A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "E3008B5E-3E4E-47DE-972E-443BF3528EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "8540B665-7DB1-47ED-BCDC-D9993A3516AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:-:*:*:*:*:*:*",
"matchCriteriaId": "A98A1461-959C-4FC5-8860-76C3A9605F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p1:*:*:*:*:*:*",
"matchCriteriaId": "F64CBF7B-63AB-4523-84B9-D86F64DAB4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p2:*:*:*:*:*:*",
"matchCriteriaId": "D411A60B-BFA0-4B47-BF7B-D21AAFFC9E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p3:*:*:*:*:*:*",
"matchCriteriaId": "0ADC2E0E-9365-46AA-85AC-DF2B5C791833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p4:*:*:*:*:*:*",
"matchCriteriaId": "5ADA2C87-BDA0-485B-8BF3-EE1E1DC1C4BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p5:*:*:*:*:*:*",
"matchCriteriaId": "E28795C8-62FF-4C68-A469-8A2AD309E28B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:-:*:*:*:*:*:*",
"matchCriteriaId": "5463E3D4-4C0F-4CCC-ACC3-670E4F7B3BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C251F5AE-592B-4D83-BBE1-A56D96F56DCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "28812A1D-D755-4BF5-A719-A50A12677CD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "D5C2A832-8914-4239-A423-2F2D58E0A6D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "D17D7685-458A-420D-BE30-D09ADE4E5F39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p5:*:*:*:*:*:*",
"matchCriteriaId": "04C7D39A-FFAE-47C7-81B4-6CDC5A646045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p6:*:*:*:*:*:*",
"matchCriteriaId": "37D0D4D8-8BB5-45B1-897B-1D9099F8A5BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "B8464B0A-5584-4A05-BB47-6F29068B7C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:-:*:*:*:*:*:*",
"matchCriteriaId": "01E60F13-49E8-45C7-80D0-3FE174C26AA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p1:*:*:*:*:*:*",
"matchCriteriaId": "7721C638-63F3-4FB4-9DBC-7781A16EDEB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p2:*:*:*:*:*:*",
"matchCriteriaId": "B1FFA288-70EA-4A51-911A-C79E3359EAD5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests."
},
{
"lang": "es",
"value": "Fue encontrado un problema en Synacor Zimbra Collaboration Suite versi\u00f3n 8.6.x anterior a la 8.6.0 Patch 11, versi\u00f3n 8.7.x anterior a la 8.7.11 Patch 6, versi\u00f3n 8.8.x anterior a la 8.8.8 Patch 9 y versi\u00f3n 8.8.9 anterior a la 8.8.9 Patch 3. La enumeraci\u00f3n del n\u00famero de cuenta es posible por medio de respuestas inconsistentes para algunos tipos espec\u00edficos de peticiones de autenticaci\u00f3n."
}
],
"id": "CVE-2018-15131",
"lastModified": "2024-11-21T03:50:22.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-30T16:29:00.980",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109012"
},
{
"source": "nvd@nist.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109012"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-23 04:29
Modified
2024-11-21 03:31
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/98081 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.1 | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98081 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.1 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D16A5761-8035-4379-A396-62F362FED071",
"versionEndIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-Site Scripting (XSS) en versiones anteriores a la 8.7.1 de Zimbra Collaboration Suite (ZCS) permite a los atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados."
}
],
"id": "CVE-2017-7288",
"lastModified": "2024-11-21T03:31:33.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-23T04:29:02.103",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98081"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-10 01:29
Modified
2024-11-21 03:42
Severity ?
Summary
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.zimbra.com/show_bug.cgi?id=108963 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.zimbra.com/show_bug.cgi?id=108963 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * | |
| synacor | zimbra_collaboration_suite | * | |
| synacor | zimbra_collaboration_suite | 8.6.0 | |
| synacor | zimbra_collaboration_suite | 8.6.0 | |
| synacor | zimbra_collaboration_suite | 8.6.0 | |
| synacor | zimbra_collaboration_suite | 8.6.0 | |
| synacor | zimbra_collaboration_suite | 8.6.0 | |
| synacor | zimbra_collaboration_suite | 8.6.0 | |
| synacor | zimbra_collaboration_suite | 8.6.0 | |
| synacor | zimbra_collaboration_suite | 8.6.0 | |
| synacor | zimbra_collaboration_suite | 8.6.0 | |
| synacor | zimbra_collaboration_suite | 8.6.0 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A91CE8F-5E21-459E-A253-A1706357B82B",
"versionEndExcluding": "8.7.11",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48C99285-82BF-4C22-991C-D3742B19AFED",
"versionEndExcluding": "8.8.8",
"versionStartIncluding": "8.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "09016525-12F2-49D0-A803-E38294FE3EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "256ABB7E-46FB-471A-95D1-589A2F985BF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "6A4EE384-AB5A-42AB-8BD9-7B41235A3285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch3:*:*:*:*:*:*",
"matchCriteriaId": "E06F070B-CB6E-46A8-94BE-4C036DDD79AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch4:*:*:*:*:*:*",
"matchCriteriaId": "C7932C40-61F8-4267-894B-A843D7465571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch5:*:*:*:*:*:*",
"matchCriteriaId": "72038138-CDB7-4790-A5C7-5F0EC6334A0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch6:*:*:*:*:*:*",
"matchCriteriaId": "B0677BB2-9D02-4F88-8210-969ECBC23C30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch7:*:*:*:*:*:*",
"matchCriteriaId": "F182ED10-C40E-4B90-AEBA-0C54B7D1BF6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch8:*:*:*:*:*:*",
"matchCriteriaId": "ABBDA068-C4C8-4FE7-9E86-8778FD24B8F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch9:*:*:*:*:*:*",
"matchCriteriaId": "D1C95543-0162-4F9A-A9F5-8D2534210489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:-:*:*:*:*:*:*",
"matchCriteriaId": "A98A1461-959C-4FC5-8860-76C3A9605F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:patch1:*:*:*:*:*:*",
"matchCriteriaId": "BD265B8F-EA30-4871-86C2-92C04611A947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:patch2:*:*:*:*:*:*",
"matchCriteriaId": "A2FF8E1C-C700-45D1-B834-E23BF241DCC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:patch3:*:*:*:*:*:*",
"matchCriteriaId": "BA825F54-5CD7-4D27-88B1-CEEC5AE7EE93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump."
},
{
"lang": "es",
"value": "mailboxd en Zimbra Collaboration Suite, en versiones 8.8 anteriores a la 8.8.8; versiones 8.7 anteriores a la 8.7.11.Patch3 y versiones 8.6 anteriores a la 8.6.0.Patch10, permite la exposici\u00f3n de informaci\u00f3n mediante mensajes de error verbose que contienen un volcado de pila, datos de rastreo o un volcado completo del contexto del usuario."
}
],
"id": "CVE-2018-10950",
"lastModified": "2024-11-21T03:42:22.690",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-10T01:29:05.707",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108963"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-30 21:29
Modified
2024-11-21 02:37
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * | |
| synacor | zimbra_collaboration_suite | * | |
| synacor | zimbra_collaboration_suite | 8.6.0 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| zimbra | zimbra_collaboration_suite | 8.6.0 | |
| zimbra | zimbra_collaboration_suite | 8.6.0 | |
| zimbra | zimbra_collaboration_suite | 8.6.0 | |
| zimbra | zimbra_collaboration_suite | 8.6.0 | |
| zimbra | zimbra_collaboration_suite | 8.6.0 | |
| zimbra | zimbra_collaboration_suite | 8.6.0 | |
| zimbra | zimbra_collaboration_suite | 8.6.0 | |
| zimbra | zimbra_collaboration_suite | 8.6.0 | |
| zimbra | zimbra_collaboration_suite | 8.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63374C42-7F79-420F-BABD-EA02568B06D4",
"versionEndIncluding": "8.7.11",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1F0356-FAFD-4B5D-9139-6963515C5C72",
"versionEndIncluding": "8.8.8",
"versionStartIncluding": "8.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93A06B2F-0C1F-459A-9587-6178E6A081E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p1:*:*:*:*:*:*",
"matchCriteriaId": "F64CBF7B-63AB-4523-84B9-D86F64DAB4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "29670387-F106-4B9A-94CC-5EA6832F7869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "DBB18106-737E-469C-AD39-D73098372D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "2154F19B-ADCA-414E-9ED2-2511B661FF3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "EE30747A-56C5-415E-A294-A9227896AA39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "5F9E3189-191B-4C54-83F6-EAB26CE978B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "AA149721-96AF-4017-9FD2-7C9474A92E0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "DA74ED83-972C-48CB-9431-78EDA8E9FE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "40FDDD6E-43EE-4C4D-852C-0E6F83195D86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "EA052203-C1F3-4DA6-AC79-134F28A74707",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-Site Request Forgery (CSRF) en el formulario de inicio de sesi\u00f3n en Zimbra Collaboration Suite (ZCS) en versiones anteriores a la 8.6.0 Patch 10, versiones 8.7.x anteriores a la 8.7.11 Patch 2 y versiones 8.8.x anteriores a la 8.8.8 Patch 1 permite que atacantes remotos secuestren la autenticaci\u00f3n de v\u00edctimas no especificadas aprovechando el error a la hora de emplear un token CSRF."
}
],
"id": "CVE-2015-7610",
"lastModified": "2024-11-21T02:37:03.243",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-30T21:29:00.223",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://blog.zimbra.com/2018/04/new-patches-for-you-zimbra-8-8-8-turing-patch-1-zimbra-8-7-11-patch-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://blog.zimbra.com/2018/05/new-patches-zimbra-8-8-8-turing-patch-3-zimbra-8-7-11-patch-3-zimbra-8-6-0-patch-10/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6.0/P10"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://blog.zimbra.com/2018/04/new-patches-for-you-zimbra-8-8-8-turing-patch-1-zimbra-8-7-11-patch-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://blog.zimbra.com/2018/05/new-patches-zimbra-8-8-8-turing-patch-3-zimbra-8-7-11-patch-3-zimbra-8-6-0-patch-10/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6.0/P10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-18 22:59
Modified
2024-11-21 02:49
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103956, 103995, 104475, 104838, and 104839.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB544961-B884-454E-AC8C-8E18E3B467DA",
"versionEndIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103956, 103995, 104475, 104838, and 104839."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en Zimbra Collaboration en versiones anteriores a 8.7.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados, vulnerabilidades tambi\u00e9n conocidas como errores 103956, 103995, 104475, 104838 y 104839."
}
],
"id": "CVE-2016-3410",
"lastModified": "2024-11-21T02:49:56.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-18T22:59:00.500",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95900"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-18 22:59
Modified
2024-11-21 02:49
Severity ?
Summary
Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB544961-B884-454E-AC8C-8E18E3B467DA",
"versionEndIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Zimbra Collaboration en versiones anteriores a 8.6.0 Patch 7 permite a usuarios remotos autenticados afectar a la disponibilidad a trav\u00e9s de vectores desconocidos, vulnerabilidad tambi\u00e9n conocida como error 102029."
}
],
"id": "CVE-2016-3414",
"lastModified": "2024-11-21T02:49:57.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-18T22:59:00.623",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95918"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://forums.zimbra.org/viewtopic.php?f=8\u0026t=59816"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://forums.zimbra.org/viewtopic.php?f=8\u0026t=59816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-18 22:59
Modified
2024-11-21 02:49
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB544961-B884-454E-AC8C-8E18E3B467DA",
"versionEndIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Zimbra Collaboration en versiones anteriores a 8.7.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados, vulnerabilidad tambi\u00e9n conocida como error 102637."
}
],
"id": "CVE-2016-3409",
"lastModified": "2024-11-21T02:49:56.747",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-18T22:59:00.467",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95896"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-18 22:15
Modified
2024-11-21 05:37
Severity ?
Summary
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8BF8662-919E-4A40-917F-FEA0EA73491C",
"versionEndExcluding": "8.8.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:-:*:*:*:*:*:*",
"matchCriteriaId": "9E39A855-C0EB-4448-AE96-177757C40C66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p1:*:*:*:*:*:*",
"matchCriteriaId": "FFE7BE6E-7A9A-40C7-B236-7A21103E9F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p2:*:*:*:*:*:*",
"matchCriteriaId": "6FCB5528-70FD-4525-A78B-D5537609331A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p3:*:*:*:*:*:*",
"matchCriteriaId": "EF2EE32D-04A5-46EA-92F0-3C8D74A4B82A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p4:*:*:*:*:*:*",
"matchCriteriaId": "BB3C28CA-4C22-423E-B1C7-CBAFBB91F4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p5:*:*:*:*:*:*",
"matchCriteriaId": "A9A1314A-20C8-42D7-9387-D914999EEAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p6:*:*:*:*:*:*",
"matchCriteriaId": "CEF091C5-8DC6-4A41-9E84-F53BE703F71B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled."
},
{
"lang": "es",
"value": "Zimbra Collaboration Suite (ZCS) versiones anteriores a 8.8.15 Patch 7, permite un ataque de tipo SSRF cuando WebEx zimlet es instalado y zimlet JSP est\u00e1 habilitado."
}
],
"id": "CVE-2020-7796",
"lastModified": "2024-11-21T05:37:49.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-18T22:15:10.013",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-10 01:29
Modified
2024-11-21 03:42
Severity ?
Summary
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.zimbra.com/show_bug.cgi?id=108962 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.zimbra.com/show_bug.cgi?id=108962 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * | |
| synacor | zimbra_collaboration_suite | * | |
| synacor | zimbra_collaboration_suite | 8.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63374C42-7F79-420F-BABD-EA02568B06D4",
"versionEndIncluding": "8.7.11",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8F5B18-C7FE-41B8-A3F3-5262BA688672",
"versionEndExcluding": "8.8.8",
"versionStartIncluding": "8.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93A06B2F-0C1F-459A-9587-6178E6A081E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the \"HTTP 404 - account is not active\" and \"HTTP 401 - must authenticate\" errors."
},
{
"lang": "es",
"value": "mailboxd en Zimbra Collaboration Suite, en versiones 8.8 anteriores a la 8.8.8; versiones 8.7 anteriores a la 8.7.11.Patch3 y en versiones 8.6, permite la enumeraci\u00f3n de cuentas aprovechando una discrepancia entre los errores \"HTTP 404 - account is not active\" y \"HTTP 401 - must authenticate\"."
}
],
"id": "CVE-2018-10949",
"lastModified": "2024-11-21T03:42:22.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-10T01:29:05.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108962"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-17 14:29
Modified
2024-11-21 02:49
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and perform referer header checks, aka bugs 100885 and 100899.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB544961-B884-454E-AC8C-8E18E3B467DA",
"versionEndIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and perform referer header checks, aka bugs 100885 and 100899."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de tipo cross-site request forgery (CSRF) en la Consola Administrativa en Zimbra Collaboration anterior a versi\u00f3n 8.6.0 Parche 8, permiten a los atacantes remotos secuestrar la autenticaci\u00f3n de administradores para pedir que (1) agregue, (2) modifique o (3) elimine cuentas mediante el aprovechamiento de un fallo en el uso de un token CSRF y realizar comprobaciones de encabezado de referencia, tambi\u00e9n se conoce como errores 100885 y 100899."
}
],
"id": "CVE-2016-3403",
"lastModified": "2024-11-21T02:49:55.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-17T14:29:00.290",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/fulldisclosure/2017/Jan/30"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95383"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=100885"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=100899"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sysdream.com/news/lab/2017-01-12-cve-2016-3403-multiple-csrf-in-zimbra-administration-interface/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6_Patch_8"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/fulldisclosure/2017/Jan/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=100885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=100899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sysdream.com/news/lab/2017-01-12-cve-2016-3403-multiple-csrf-in-zimbra-administration-interface/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6_Patch_8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-29 22:29
Modified
2025-02-25 02:00
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 |
{
"cisaActionDue": "2022-07-10",
"cisaExploitAdd": "2022-01-10",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A91CE8F-5E21-459E-A253-A1706357B82B",
"versionEndExcluding": "8.7.11",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:-:*:*:*:*:*:*",
"matchCriteriaId": "A98A1461-959C-4FC5-8860-76C3A9605F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p1:*:*:*:*:*:*",
"matchCriteriaId": "F64CBF7B-63AB-4523-84B9-D86F64DAB4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p2:*:*:*:*:*:*",
"matchCriteriaId": "D411A60B-BFA0-4B47-BF7B-D21AAFFC9E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p3:*:*:*:*:*:*",
"matchCriteriaId": "0ADC2E0E-9365-46AA-85AC-DF2B5C791833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p4:*:*:*:*:*:*",
"matchCriteriaId": "5ADA2C87-BDA0-485B-8BF3-EE1E1DC1C4BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p5:*:*:*:*:*:*",
"matchCriteriaId": "E28795C8-62FF-4C68-A469-8A2AD309E28B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p6:*:*:*:*:*:*",
"matchCriteriaId": "08339B97-5558-4DF5-8CB7-6CEB91328CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p7:*:*:*:*:*:*",
"matchCriteriaId": "779BE18C-12E4-4F91-A5EC-DAB739003DA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p8:*:*:*:*:*:*",
"matchCriteriaId": "CF7BA64E-2A92-4C8B-8913-E89E6B42ABF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p9:*:*:*:*:*:*",
"matchCriteriaId": "3999E720-AC7F-45F1-9B72-63366571B6AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml."
},
{
"lang": "es",
"value": "El componente mailboxd en Synacor Zimbra Collaboration Suite 8.7.x antes de 8.7.11p10 tiene una vulnerabilidad de inyecci\u00f3n de entidad externa XML (XXE), como lo demuestra Autodiscover/Autodiscover.xml"
}
],
"id": "CVE-2019-9670",
"lastModified": "2025-02-25T02:00:02.097",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2019-05-29T22:29:01.507",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152487/Zimbra-Collaboration-Autodiscover-Servlet-XXE-ProxyServlet-SSRF.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.rapid7.com/db/modules/exploit/linux/http/zimbra_xxe_rce"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109129"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://isc.sans.edu/forums/diary/CVE20199670+Zimbra+Collaboration+Suite+XXE+vulnerability/27570/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46693/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152487/Zimbra-Collaboration-Autodiscover-Servlet-XXE-ProxyServlet-SSRF.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.rapid7.com/db/modules/exploit/linux/http/zimbra_xxe_rce"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://isc.sans.edu/forums/diary/CVE20199670+Zimbra+Collaboration+Suite+XXE+vulnerability/27570/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46693/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-18 22:15
Modified
2024-11-21 05:39
Severity ?
Summary
An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8BF8662-919E-4A40-917F-FEA0EA73491C",
"versionEndExcluding": "8.8.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:-:*:*:*:*:*:*",
"matchCriteriaId": "9E39A855-C0EB-4448-AE96-177757C40C66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p1:*:*:*:*:*:*",
"matchCriteriaId": "FFE7BE6E-7A9A-40C7-B236-7A21103E9F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p2:*:*:*:*:*:*",
"matchCriteriaId": "6FCB5528-70FD-4525-A78B-D5537609331A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p3:*:*:*:*:*:*",
"matchCriteriaId": "EF2EE32D-04A5-46EA-92F0-3C8D74A4B82A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p4:*:*:*:*:*:*",
"matchCriteriaId": "BB3C28CA-4C22-423E-B1C7-CBAFBB91F4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p5:*:*:*:*:*:*",
"matchCriteriaId": "A9A1314A-20C8-42D7-9387-D914999EEAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p6:*:*:*:*:*:*",
"matchCriteriaId": "CEF091C5-8DC6-4A41-9E84-F53BE703F71B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Zimbra Collaboration Suite (ZCS) versiones anteriores a 8.8.15 Patch 7. Cuando los otorgantes revocan un calendario compartido en Outlook, el calendario se mantuvo montado y accesible."
}
],
"id": "CVE-2020-8633",
"lastModified": "2024-11-21T05:39:09.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-18T22:15:10.090",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-281"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-29 22:29
Modified
2024-11-21 04:47
Severity ?
Summary
Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.zimbra.com/show_bug.cgi?id=109096 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.zimbra.com/show_bug.cgi?id=109096 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A91CE8F-5E21-459E-A253-A1706357B82B",
"versionEndExcluding": "8.7.11",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "172EF781-F36D-49D1-8E80-5F344551F543",
"versionEndExcluding": "8.8.9",
"versionStartIncluding": "8.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:-:*:*:*:*:*:*",
"matchCriteriaId": "A98A1461-959C-4FC5-8860-76C3A9605F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p1:*:*:*:*:*:*",
"matchCriteriaId": "F64CBF7B-63AB-4523-84B9-D86F64DAB4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p10:*:*:*:*:*:*",
"matchCriteriaId": "2FA00517-042F-405C-935D-D8C163EA5E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p2:*:*:*:*:*:*",
"matchCriteriaId": "D411A60B-BFA0-4B47-BF7B-D21AAFFC9E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p3:*:*:*:*:*:*",
"matchCriteriaId": "0ADC2E0E-9365-46AA-85AC-DF2B5C791833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p4:*:*:*:*:*:*",
"matchCriteriaId": "5ADA2C87-BDA0-485B-8BF3-EE1E1DC1C4BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p5:*:*:*:*:*:*",
"matchCriteriaId": "E28795C8-62FF-4C68-A469-8A2AD309E28B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p6:*:*:*:*:*:*",
"matchCriteriaId": "08339B97-5558-4DF5-8CB7-6CEB91328CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p7:*:*:*:*:*:*",
"matchCriteriaId": "779BE18C-12E4-4F91-A5EC-DAB739003DA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p8:*:*:*:*:*:*",
"matchCriteriaId": "CF7BA64E-2A92-4C8B-8913-E89E6B42ABF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p9:*:*:*:*:*:*",
"matchCriteriaId": "3999E720-AC7F-45F1-9B72-63366571B6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:-:*:*:*:*:*:*",
"matchCriteriaId": "01E60F13-49E8-45C7-80D0-3FE174C26AA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p1:*:*:*:*:*:*",
"matchCriteriaId": "7721C638-63F3-4FB4-9DBC-7781A16EDEB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p2:*:*:*:*:*:*",
"matchCriteriaId": "B1FFA288-70EA-4A51-911A-C79E3359EAD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p3:*:*:*:*:*:*",
"matchCriteriaId": "67940E89-EDDC-4B17-BE1D-A1C00A80B315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p4:*:*:*:*:*:*",
"matchCriteriaId": "CB504F6B-DD81-46F6-A3E2-B0EDA70E23BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p6:*:*:*:*:*:*",
"matchCriteriaId": "7A186E7A-9234-4927-97F1-E3F1D2DE1E60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p7:*:*:*:*:*:*",
"matchCriteriaId": "231D52D8-CD5A-4C21-AFBE-07992E004D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p8:*:*:*:*:*:*",
"matchCriteriaId": "398502C2-F94A-4564-BD03-864B4B314389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:-:*:*:*:*:*:*",
"matchCriteriaId": "EEE708DD-3340-4190-B3B0-D102D798C091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p2:*:*:*:*:*:*",
"matchCriteriaId": "DB9C1A1E-A45A-43BF-87E1-5B4A03BB8101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p3:*:*:*:*:*:*",
"matchCriteriaId": "1BA23A8E-2ADF-4EAC-93FA-CBFA9108D4B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p4:*:*:*:*:*:*",
"matchCriteriaId": "17C10530-F184-424C-928D-68A2FB737692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p6:*:*:*:*:*:*",
"matchCriteriaId": "094A5DED-EAA7-4F98-8B28-F2C5156194BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.11:-:*:*:*:*:*:*",
"matchCriteriaId": "A0B38B6A-83D3-4983-A4E7-4A1418C3F0D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.11:p2:*:*:*:*:*:*",
"matchCriteriaId": "8B8088CE-904A-4FBF-900F-0388E043FCD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component."
},
{
"lang": "es",
"value": "Zimbra Collaboration Suite versi\u00f3n 8.7.x hasta la 8.8.11, permite Blind SSRF en el componente Feed."
}
],
"id": "CVE-2019-6981",
"lastModified": "2024-11-21T04:47:21.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-29T22:29:01.460",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109096"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-29 22:29
Modified
2024-11-21 04:00
Severity ?
Summary
ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.zimbra.com/show_bug.cgi?id=109093 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Security_Center | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.zimbra.com/show_bug.cgi?id=109093 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Security_Center | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A91CE8F-5E21-459E-A253-A1706357B82B",
"versionEndExcluding": "8.7.11",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "172EF781-F36D-49D1-8E80-5F344551F543",
"versionEndExcluding": "8.8.9",
"versionStartIncluding": "8.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:-:*:*:*:*:*:*",
"matchCriteriaId": "A98A1461-959C-4FC5-8860-76C3A9605F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p1:*:*:*:*:*:*",
"matchCriteriaId": "F64CBF7B-63AB-4523-84B9-D86F64DAB4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p2:*:*:*:*:*:*",
"matchCriteriaId": "D411A60B-BFA0-4B47-BF7B-D21AAFFC9E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p3:*:*:*:*:*:*",
"matchCriteriaId": "0ADC2E0E-9365-46AA-85AC-DF2B5C791833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p4:*:*:*:*:*:*",
"matchCriteriaId": "5ADA2C87-BDA0-485B-8BF3-EE1E1DC1C4BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p5:*:*:*:*:*:*",
"matchCriteriaId": "E28795C8-62FF-4C68-A469-8A2AD309E28B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p6:*:*:*:*:*:*",
"matchCriteriaId": "08339B97-5558-4DF5-8CB7-6CEB91328CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p7:*:*:*:*:*:*",
"matchCriteriaId": "779BE18C-12E4-4F91-A5EC-DAB739003DA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p8:*:*:*:*:*:*",
"matchCriteriaId": "CF7BA64E-2A92-4C8B-8913-E89E6B42ABF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p9:*:*:*:*:*:*",
"matchCriteriaId": "3999E720-AC7F-45F1-9B72-63366571B6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:-:*:*:*:*:*:*",
"matchCriteriaId": "01E60F13-49E8-45C7-80D0-3FE174C26AA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p1:*:*:*:*:*:*",
"matchCriteriaId": "7721C638-63F3-4FB4-9DBC-7781A16EDEB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p2:*:*:*:*:*:*",
"matchCriteriaId": "B1FFA288-70EA-4A51-911A-C79E3359EAD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p3:*:*:*:*:*:*",
"matchCriteriaId": "67940E89-EDDC-4B17-BE1D-A1C00A80B315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p4:*:*:*:*:*:*",
"matchCriteriaId": "CB504F6B-DD81-46F6-A3E2-B0EDA70E23BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p6:*:*:*:*:*:*",
"matchCriteriaId": "7A186E7A-9234-4927-97F1-E3F1D2DE1E60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p7:*:*:*:*:*:*",
"matchCriteriaId": "231D52D8-CD5A-4C21-AFBE-07992E004D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p8:*:*:*:*:*:*",
"matchCriteriaId": "398502C2-F94A-4564-BD03-864B4B314389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:-:*:*:*:*:*:*",
"matchCriteriaId": "EEE708DD-3340-4190-B3B0-D102D798C091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p2:*:*:*:*:*:*",
"matchCriteriaId": "DB9C1A1E-A45A-43BF-87E1-5B4A03BB8101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p3:*:*:*:*:*:*",
"matchCriteriaId": "1BA23A8E-2ADF-4EAC-93FA-CBFA9108D4B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p4:*:*:*:*:*:*",
"matchCriteriaId": "17C10530-F184-424C-928D-68A2FB737692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.11:-:*:*:*:*:*:*",
"matchCriteriaId": "A0B38B6A-83D3-4983-A4E7-4A1418C3F0D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd."
},
{
"lang": "es",
"value": "ZxChat (conocido como ZeXtras Chat), es usado para zimbra-chat y zimbra-talk en Synacor Zimbra Collaboration Suite versiones 8.7 y 8.8 y en otros productos, permite ataques de tipo XXE, como demuestra una petici\u00f3n XML creada al componente buz\u00f3n mailboxd."
}
],
"id": "CVE-2018-20160",
"lastModified": "2024-11-21T04:00:58.747",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-29T22:29:01.320",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109093"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-29 22:29
Modified
2024-11-21 04:47
Severity ?
Summary
Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.zimbra.com/show_bug.cgi?id=109097 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.zimbra.com/show_bug.cgi?id=109097 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A91CE8F-5E21-459E-A253-A1706357B82B",
"versionEndExcluding": "8.7.11",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "172EF781-F36D-49D1-8E80-5F344551F543",
"versionEndExcluding": "8.8.9",
"versionStartIncluding": "8.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:-:*:*:*:*:*:*",
"matchCriteriaId": "A98A1461-959C-4FC5-8860-76C3A9605F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p1:*:*:*:*:*:*",
"matchCriteriaId": "F64CBF7B-63AB-4523-84B9-D86F64DAB4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p2:*:*:*:*:*:*",
"matchCriteriaId": "D411A60B-BFA0-4B47-BF7B-D21AAFFC9E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p3:*:*:*:*:*:*",
"matchCriteriaId": "0ADC2E0E-9365-46AA-85AC-DF2B5C791833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p4:*:*:*:*:*:*",
"matchCriteriaId": "5ADA2C87-BDA0-485B-8BF3-EE1E1DC1C4BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p5:*:*:*:*:*:*",
"matchCriteriaId": "E28795C8-62FF-4C68-A469-8A2AD309E28B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p6:*:*:*:*:*:*",
"matchCriteriaId": "08339B97-5558-4DF5-8CB7-6CEB91328CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p7:*:*:*:*:*:*",
"matchCriteriaId": "779BE18C-12E4-4F91-A5EC-DAB739003DA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p8:*:*:*:*:*:*",
"matchCriteriaId": "CF7BA64E-2A92-4C8B-8913-E89E6B42ABF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:-:*:*:*:*:*:*",
"matchCriteriaId": "01E60F13-49E8-45C7-80D0-3FE174C26AA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p1:*:*:*:*:*:*",
"matchCriteriaId": "7721C638-63F3-4FB4-9DBC-7781A16EDEB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p2:*:*:*:*:*:*",
"matchCriteriaId": "B1FFA288-70EA-4A51-911A-C79E3359EAD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p3:*:*:*:*:*:*",
"matchCriteriaId": "67940E89-EDDC-4B17-BE1D-A1C00A80B315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p4:*:*:*:*:*:*",
"matchCriteriaId": "CB504F6B-DD81-46F6-A3E2-B0EDA70E23BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p6:*:*:*:*:*:*",
"matchCriteriaId": "7A186E7A-9234-4927-97F1-E3F1D2DE1E60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p7:*:*:*:*:*:*",
"matchCriteriaId": "231D52D8-CD5A-4C21-AFBE-07992E004D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p8:*:*:*:*:*:*",
"matchCriteriaId": "398502C2-F94A-4564-BD03-864B4B314389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:-:*:*:*:*:*:*",
"matchCriteriaId": "EEE708DD-3340-4190-B3B0-D102D798C091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p2:*:*:*:*:*:*",
"matchCriteriaId": "DB9C1A1E-A45A-43BF-87E1-5B4A03BB8101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p3:*:*:*:*:*:*",
"matchCriteriaId": "1BA23A8E-2ADF-4EAC-93FA-CBFA9108D4B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p4:*:*:*:*:*:*",
"matchCriteriaId": "17C10530-F184-424C-928D-68A2FB737692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p6:*:*:*:*:*:*",
"matchCriteriaId": "094A5DED-EAA7-4F98-8B28-F2C5156194BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.11:-:*:*:*:*:*:*",
"matchCriteriaId": "A0B38B6A-83D3-4983-A4E7-4A1418C3F0D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.11:p2:*:*:*:*:*:*",
"matchCriteriaId": "8B8088CE-904A-4FBF-900F-0388E043FCD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component."
},
{
"lang": "es",
"value": "Synacor Zimbra Collaboration Suite versi\u00f3n 8.7.x hasta la 8.8.11, permite una deserializaci\u00f3n no segura de objetos en el componente IMAP."
}
],
"id": "CVE-2019-6980",
"lastModified": "2024-11-21T04:47:21.443",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-29T22:29:01.413",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109097"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-17 23:15
Modified
2024-11-21 07:19
Severity ?
Summary
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@rapid7.com | http://packetstormsecurity.com/files/169430/Zimbra-Privilege-Escalation.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@rapid7.com | https://github.com/rapid7/metasploit-framework/pull/17141 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| cve@rapid7.com | https://twitter.com/ldsopreload/status/1580539318879547392 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/169430/Zimbra-Privilege-Escalation.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/rapid7/metasploit-framework/pull/17141 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/ldsopreload/status/1580539318879547392 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEEE111E-985E-43B0-AC27-021AD2FE0107",
"versionEndIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the \u0027zimbra\u0027 user can effectively coerce postfix into running arbitrary commands as \u0027root\u0027."
},
{
"lang": "es",
"value": "Debido a un problema con permisos incorrectos de sudo, Zimbra Collaboration Suite (ZCS) sufre un problema de escalada de privilegios local en versiones 9.0.0 y anteriores, donde el usuario \"zimbra\" puede efectivamente coaccionar a postfix para que ejecute comandos arbitrarios como \"root\""
}
],
"id": "CVE-2022-3569",
"lastModified": "2024-11-21T07:19:47.373",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-17T23:15:09.437",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/169430/Zimbra-Privilege-Escalation.html"
},
{
"source": "cve@rapid7.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/17141"
},
{
"source": "cve@rapid7.com",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/ldsopreload/status/1580539318879547392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/169430/Zimbra-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/17141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/ldsopreload/status/1580539318879547392"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-271"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-15 23:15
Modified
2024-11-21 05:08
Severity ?
Summary
An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/buxu/bug/issues/3 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/buxu/bug/issues/3 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | 8.8.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.12:-:*:*:*:*:*:*",
"matchCriteriaId": "9B49E1CC-2362-4B1A-AED7-B8F857EB0D8C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing."
},
{
"lang": "es",
"value": "Un problema en /domain/service/.ewell-known/caldav de Zimbra Collaboration versi\u00f3n 8.8.12, permite a atacantes redirigir a usuarios a cualquier sitio web arbitrario de su elecci\u00f3n"
}
],
"id": "CVE-2020-18985",
"lastModified": "2024-11-21T05:08:53.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-15T23:15:08.740",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/buxu/bug/issues/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/buxu/bug/issues/3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-03 17:15
Modified
2024-11-21 05:00
Severity ?
Summary
Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox as an avatar image for a contact. A user will receive a "Corrupt File" error, but the file is still uploaded and stored locally in /opt/zimbra/data/tmp/upload/, leaving it open to possible remote execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://wiki.zimbra.com/wiki/Security_Center | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P3 | Vendor Advisory | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Security_Center | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P3 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 9.0.0 | |
| synacor | zimbra_collaboration_suite | 9.0.0 | |
| synacor | zimbra_collaboration_suite | 9.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8BF8662-919E-4A40-917F-FEA0EA73491C",
"versionEndExcluding": "8.8.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:-:*:*:*:*:*:*",
"matchCriteriaId": "9E39A855-C0EB-4448-AE96-177757C40C66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p1:*:*:*:*:*:*",
"matchCriteriaId": "FFE7BE6E-7A9A-40C7-B236-7A21103E9F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p2:*:*:*:*:*:*",
"matchCriteriaId": "6FCB5528-70FD-4525-A78B-D5537609331A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p3:*:*:*:*:*:*",
"matchCriteriaId": "EF2EE32D-04A5-46EA-92F0-3C8D74A4B82A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p4:*:*:*:*:*:*",
"matchCriteriaId": "BB3C28CA-4C22-423E-B1C7-CBAFBB91F4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p5:*:*:*:*:*:*",
"matchCriteriaId": "A9A1314A-20C8-42D7-9387-D914999EEAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p6:*:*:*:*:*:*",
"matchCriteriaId": "CEF091C5-8DC6-4A41-9E84-F53BE703F71B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p7:*:*:*:*:*:*",
"matchCriteriaId": "ACD65C28-9716-4073-8613-C4AF12684760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p8:*:*:*:*:*:*",
"matchCriteriaId": "2C58AFFF-848F-490D-A95C-03A267C2DC98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p9:*:*:*:*:*:*",
"matchCriteriaId": "B62DC188-89A8-4AEA-90AE-563F0BBEFC54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "32AFCE22-5ADA-4FF7-A165-5EC12B325DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "D3577FE6-F1F4-4555-8D27-84D6DE731EA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "7E7B3976-DA6F-4285-93E6-2328006F7F4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox as an avatar image for a contact. A user will receive a \"Corrupt File\" error, but the file is still uploaded and stored locally in /opt/zimbra/data/tmp/upload/, leaving it open to possible remote execution."
},
{
"lang": "es",
"value": "Zimbra versiones anteriores a 8.8.15 Patch 10 y versiones 9.x anteriores a 9.0.0 Patch 3, permite una ejecuci\u00f3n de c\u00f3digo remota por medio de un archivo de avatar. Se presenta un posible abuso del servlet /service/upload en el subsistema del correo web. Un usuario puede cargar archivos ejecutables (exe, sh, bat, jar) en la secci\u00f3n Contact del buz\u00f3n de correo como una imagen de avatar para un contacto. Un usuario recibir\u00e1 un error de \"Corrupt File\", pero el archivo a\u00fan se carga y es almacenado localmente en /opt/zimbra/data/tmp/upload/, dej\u00e1ndolo abierto para una posible ejecuci\u00f3n remota."
}
],
"id": "CVE-2020-12846",
"lastModified": "2024-11-21T05:00:23.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-03T17:15:24.793",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P3"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-30 18:29
Modified
2024-11-21 03:42
Severity ?
Summary
Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.zimbra.com/show_bug.cgi?id=107948 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.zimbra.com/show_bug.cgi?id=107948 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * | |
| synacor | zimbra_collaboration_suite | 8.8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22BECE7C-389A-4BD9-88CB-20F536BCC73F",
"versionEndIncluding": "8.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "B570E7CB-B4F8-4DAF-9045-2DDF21C90F93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs."
},
{
"lang": "es",
"value": "Synacor Zimbra Admin UI en Zimbra Collaboration Suite Versi\u00f3n anterior de 8.8.0 beta 2 tiene XSS persistente a trav\u00e9s de correos electr\u00f3nicos."
}
],
"id": "CVE-2018-10948",
"lastModified": "2024-11-21T03:42:22.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-30T18:29:02.550",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=107948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=107948"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-30 21:29
Modified
2024-11-21 03:42
Severity ?
Summary
Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * | |
| synacor | zimbra_collaboration_suite | * | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.8.8 | |
| synacor | zimbra_collaboration_suite | 8.8.8 | |
| zimbra | zimbra_collaboration_suite | 8.8.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63374C42-7F79-420F-BABD-EA02568B06D4",
"versionEndIncluding": "8.7.11",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1F0356-FAFD-4B5D-9139-6963515C5C72",
"versionEndIncluding": "8.8.8",
"versionStartIncluding": "8.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p1:*:*:*:*:*:*",
"matchCriteriaId": "F64CBF7B-63AB-4523-84B9-D86F64DAB4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p2:*:*:*:*:*:*",
"matchCriteriaId": "D411A60B-BFA0-4B47-BF7B-D21AAFFC9E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p3:*:*:*:*:*:*",
"matchCriteriaId": "0ADC2E0E-9365-46AA-85AC-DF2B5C791833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C251F5AE-592B-4D83-BBE1-A56D96F56DCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "D5C2A832-8914-4239-A423-2F2D58E0A6D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.8.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "1CC39F0B-C3DA-4A6B-8BEC-E6F2D2AAD8F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group."
},
{
"lang": "es",
"value": "Zimbra Web Client (ZWC) en Zimbra Collaboration Suite en versiones 8.8 anteriores a la 8.8.8.Patch4 y versiones 8.7 anteriores a la 8.7.11.Patch4 tiene Cross-Site Scripting (XSS) persistente mediante un grupo de contactos."
}
],
"id": "CVE-2018-10939",
"lastModified": "2024-11-21T03:42:21.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-30T21:29:00.363",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://blog.zimbra.com/2018/05/new-zimbra-patches-8-8-8-patch-4-and-8-7-11-patch-4/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P4"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P4"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://blog.zimbra.com/2018/05/new-zimbra-patches-8-8-8-patch-4-and-8-7-11-patch-4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-18 22:59
Modified
2024-11-21 02:49
Severity ?
Summary
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect confidentiality via unknown vectors, aka bug 99167.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB544961-B884-454E-AC8C-8E18E3B467DA",
"versionEndIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect confidentiality via unknown vectors, aka bug 99167."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada in Zimbra Collaboration en versiones anteriores a 8.7.0 permite a atacantes remotos afectar a la confidencialidad a trav\u00e9s de vectores desconocidos, vulnerabilidad tambi\u00e9n conocida como error 99167."
}
],
"id": "CVE-2016-3402",
"lastModified": "2024-11-21T02:49:55.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-18T22:59:00.250",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95887"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-13 18:07
Modified
2024-11-21 02:00
Severity ?
Summary
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | 6.0.0 | |
| synacor | zimbra_collaboration_suite | 6.0.1 | |
| synacor | zimbra_collaboration_suite | 6.0.2 | |
| synacor | zimbra_collaboration_suite | 6.0.3 | |
| synacor | zimbra_collaboration_suite | 6.0.4 | |
| synacor | zimbra_collaboration_suite | 6.0.5 | |
| synacor | zimbra_collaboration_suite | 6.0.6 | |
| synacor | zimbra_collaboration_suite | 6.0.7 | |
| synacor | zimbra_collaboration_suite | 6.0.8 | |
| synacor | zimbra_collaboration_suite | 6.0.9 | |
| synacor | zimbra_collaboration_suite | 6.0.10 | |
| synacor | zimbra_collaboration_suite | 6.0.12 | |
| synacor | zimbra_collaboration_suite | 6.0.13 | |
| synacor | zimbra_collaboration_suite | 6.0.14 | |
| synacor | zimbra_collaboration_suite | 6.0.15 | |
| synacor | zimbra_collaboration_suite | 6.0.16 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDEEE91-985C-419F-8C79-56C6A6FE9666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B93B6131-535D-41D6-A1BF-20A0D4F1A880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD98C1D-EB43-4AC7-8D62-3D9ABE1E98B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "494BC2CE-23C6-48CB-91E4-D825FBDE7F0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "826748BF-8DEA-4BA0-8651-99F2BC665C52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8012F95A-84BB-4852-A409-D8B29C96A87E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C0A295FE-9D43-42C7-AFC5-F9D034C1A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F9021F79-A54E-458A-B821-FF5432D5BFC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FD87DCF5-D590-499B-8990-0A65CF076E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD79ED8-C87C-43A9-B963-24E38327375B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0B55F989-EABF-465C-A550-85270B2ED6FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "ADDAE9BA-BFA4-4313-9973-C29FB1E2E94C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "708333B3-3D82-4119-9570-2390B4D889E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7D759BE2-4AA5-4770-B45D-5D765781F46A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C5AB0A39-C257-4F40-8925-F5A91CB37E05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFC0EC4-70D1-4703-9963-97A1FFFBEA9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en /res/I18nMsg, AjxMsg, ZMsg, ZmMsg, AjxKeys, ZmKeys, ZdMsg, Ajx% 20TemplateMsg.js.zgz en Zimbra que permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de .. (punto punto) en el par\u00e1metro skin."
}
],
"id": "CVE-2013-7091",
"lastModified": "2024-11-21T02:00:19.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-13T18:07:54.780",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/100747"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/124321"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/30085"
},
{
"source": "cve@mitre.org",
"url": "http://www.exploit-db.com/exploits/30472"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/64149"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89527"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/124321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/30085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/30472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89527"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-29 14:59
Modified
2024-11-21 03:02
Severity ?
Summary
Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/97121 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Security_Center | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97121 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Security_Center | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "376F999D-24BA-48B9-BD92-EB2572687257",
"versionEndIncluding": "8.7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks."
},
{
"lang": "es",
"value": "Zimbra Collaboration Suite (ZCS) en versiones anteriores a 8.7.4 permite a atacantes remotos conducir ataques XML External Entity (XXE)."
}
],
"id": "CVE-2016-9924",
"lastModified": "2024-11-21T03:02:01.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-29T14:59:00.343",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97121"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-03 08:29
Modified
2024-11-21 03:55
Severity ?
Summary
Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.zimbra.com/show_bug.cgi?id=109021 | Permissions Required, Third Party Advisory | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.10 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.zimbra.com/show_bug.cgi?id=109021 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.10 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6D37E0-1CA4-4E47-AEBA-77F07B9FB68D",
"versionEndExcluding": "8.8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value."
},
{
"lang": "es",
"value": "Zimbra Collaboration en versiones anteriores a la 8.8.10 GA permite la suplantaci\u00f3n de contenido de texto mediante un valor loginErrorCode."
}
],
"id": "CVE-2018-17938",
"lastModified": "2024-11-21T03:55:14.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-03T08:29:00.273",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109021"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.10"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-18 22:59
Modified
2024-11-21 02:49
Severity ?
Summary
Multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to affect integrity via unknown vectors, aka bugs 103961 and 104828.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB544961-B884-454E-AC8C-8E18E3B467DA",
"versionEndIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to affect integrity via unknown vectors, aka bugs 103961 and 104828."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en Zimbra Collaboration en versiones anteriores a 8.7.0 permiten a atacantes remotos afectar a la integridad a trav\u00e9s de vectores desconocidos, vulnerabilidades tambi\u00e9n conocidas como errores 103961 y 104828."
}
],
"id": "CVE-2016-3405",
"lastModified": "2024-11-21T02:49:56.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-18T22:59:00.313",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95886"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-10 01:29
Modified
2024-11-21 03:42
Severity ?
Summary
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.zimbra.com/show_bug.cgi?id=108894 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.zimbra.com/show_bug.cgi?id=108894 | Issue Tracking |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A70E8D6-CAE9-4F32-83DC-958FF4F4D531",
"versionEndIncluding": "8.7.11",
"versionStartIncluding": "8.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8F5B18-C7FE-41B8-A3F3-5262BA688672",
"versionEndExcluding": "8.8.8",
"versionStartIncluding": "8.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4DE1775A-949B-4F2B-A1CD-F20248A514D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6:patch1:*:*:*:*:*:*",
"matchCriteriaId": "83535482-F84B-432B-BEC0-ACBEA1735F4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6:patch2:*:*:*:*:*:*",
"matchCriteriaId": "9EE035F1-D525-46F2-82FD-70AD3007B11C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6:patch3:*:*:*:*:*:*",
"matchCriteriaId": "6E9C15E8-F2EB-40FA-9B86-C661C9D0CE90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6:patch4:*:*:*:*:*:*",
"matchCriteriaId": "9C060044-1B84-4508-9FE9-8D3D2C8A1B17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6:patch5:*:*:*:*:*:*",
"matchCriteriaId": "B12A5DF0-4BE7-4A6D-B978-FC58BD858E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6:patch6:*:*:*:*:*:*",
"matchCriteriaId": "1316FBE6-33A8-40CB-8EAC-D02D506BEE95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6:patch7:*:*:*:*:*:*",
"matchCriteriaId": "C3AB6AA3-9E01-47AE-8326-9CBA7B6EDE46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6:patch8:*:*:*:*:*:*",
"matchCriteriaId": "8F1440AB-9E8E-4B9B-85AD-915A2536D76F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6:patch9:*:*:*:*:*:*",
"matchCriteriaId": "FC73DE41-1DC7-438C-9E5B-3E01678744C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.7.11:patch1:*:*:*:*:*:*",
"matchCriteriaId": "0B58FD02-BDA9-4C11-A9B5-F42E3838DE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.7.11:patch2:*:*:*:*:*:*",
"matchCriteriaId": "E72A72CA-9D34-42E4-85FA-B70C9D7A450A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API."
},
{
"lang": "es",
"value": "mailboxd en Zimbra Collaboration Suite, en versiones 8.8 anteriores a la 8.8.8; versiones 8.7 anteriores a la 8.7.11.Patch3 y versiones 8.6 anteriores a la 8.6.0.Patch10, permite el acceso de lectura zimbraSSLPrivateKey mediante una llamada GetServer, GetAllServers o GetAllActiveServers en la API SOAP Admin."
}
],
"id": "CVE-2018-10951",
"lastModified": "2024-11-21T03:42:22.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-10T01:29:05.753",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108894"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-23 04:29
Modified
2024-11-21 03:30
Severity ?
Summary
A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/98087 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Security_Center | Vendor Advisory | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6 | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98087 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Security_Center | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6 | Release Notes |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3DF492D-11DB-4AB6-BACA-4ABADA9FC2EE",
"versionEndIncluding": "8.7.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations."
},
{
"lang": "es",
"value": "Un servicio prestado por Zimbra Collaboration Suite (ZCS) en versiones anteriores a la 8.7.6 no solicita los privilegios necesarios antes de realizar determinadas operaciones."
}
],
"id": "CVE-2017-6813",
"lastModified": "2024-11-21T03:30:35.233",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-23T04:29:02.010",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98087"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-18 22:59
Modified
2024-11-21 02:49
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB544961-B884-454E-AC8C-8E18E3B467DA",
"versionEndIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en Zimbra Collaboration en versiones anteriores a 8.7.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados, vulnerabilidades tambi\u00e9n conocidas como errores 103997, 104413, 104414, 104777 y 104791."
}
],
"id": "CVE-2016-3412",
"lastModified": "2024-11-21T02:49:57.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-18T22:59:00.563",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95899"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-04 01:29
Modified
2024-11-21 03:18
Severity ?
Summary
Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.zimbra.com/show_bug.cgi?id=108265 | Issue Tracking, Permissions Required, Vendor Advisory | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.zimbra.com/show_bug.cgi?id=108265 | Issue Tracking, Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED1B70E3-80AD-4B09-AEE0-11E6B74D04E0",
"versionEndExcluding": "8.8.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS."
},
{
"lang": "es",
"value": "Synacor Zimbra Collaboration Suite (ZCS) en versiones anteriores a la 8.8.3 tiene XSS persistente."
}
],
"id": "CVE-2017-17703",
"lastModified": "2024-11-21T03:18:29.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-04T01:29:00.247",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108265"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-27 16:29
Modified
2025-02-25 02:00
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * | |
| synacor | zimbra_collaboration_suite | 8.7 | |
| synacor | zimbra_collaboration_suite | 8.8.0 | |
| synacor | zimbra_collaboration_suite | 8.8.1 | |
| synacor | zimbra_collaboration_suite | 8.8.2 | |
| synacor | zimbra_collaboration_suite | 8.8.3 | |
| synacor | zimbra_collaboration_suite | 8.8.4 | |
| synacor | zimbra_collaboration_suite | 8.8.5 | |
| synacor | zimbra_collaboration_suite | 8.8.6 |
{
"cisaActionDue": "2022-05-10",
"cisaExploitAdd": "2022-04-19",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C57EE5B-88CB-4C0A-B36A-9EA6182D41A9",
"versionEndExcluding": "8.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7:-:*:*:*:*:*:*",
"matchCriteriaId": "03F83226-BA97-4D17-9308-DE2705A37AC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8555354-CE05-4A50-9DA6-F62F6A55AB12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5064C2C1-605A-4B35-8940-C824DC989AAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "29A9742A-ABE8-4307-995D-4EBBC9923D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7DB501C-E7C8-4D87-A2FE-DA52E1E66B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE425FC-5201-4EAB-8B40-87DA0F3B2120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "08B9ACD5-1463-4C2E-8B13-DE5F221BD1B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0DEB5B-4086-473F-BE7E-EE2BAECFA096",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en la funci\u00f3n ZmMailMsgView.getAttachmentLinkHtml en Zimbra Collaboration Suite (ZCS), en versiones anteriores a la 8.7 Patch 1 y versiones 8.8.x anteriores a la 8.8.7, podr\u00eda permitir que atacantes remotos inyecten scripts web o HTML arbitrarios mediante una cabecera Content-Location en un adjunto de correo electr\u00f3nico."
}
],
"id": "CVE-2018-6882",
"lastModified": "2025-02-25T02:00:02.097",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2018-03-27T16:29:00.530",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/52"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/541891/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108786"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.7"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.securify.nl/advisory/SFY20180101/cross-site-scripting-vulnerability-in-zimbra-collaboration-suite-due-to-the-way-it-handles-attachment-links.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/52"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/541891/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.securify.nl/advisory/SFY20180101/cross-site-scripting-vulnerability-in-zimbra-collaboration-suite-due-to-the-way-it-handles-attachment-links.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-18 22:59
Modified
2024-11-21 02:49
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB544961-B884-454E-AC8C-8E18E3B467DA",
"versionEndIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Zimbra Collaboration en versiones anteriores a 8.7.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados, vulnerabilidad tambi\u00e9n conocida como error 103609."
}
],
"id": "CVE-2016-3411",
"lastModified": "2024-11-21T02:49:57.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-18T22:59:00.530",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95901"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/45177/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/45177/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-30 18:29
Modified
2024-11-21 03:49
Severity ?
Summary
There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.zimbra.com/show_bug.cgi?id=108970 | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.zimbra.com/show_bug.cgi?id=108970 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * | |
| synacor | zimbra_collaboration_suite | 8.8.8 | |
| synacor | zimbra_collaboration_suite | 8.8.8 | |
| synacor | zimbra_collaboration_suite | 8.8.8 | |
| synacor | zimbra_collaboration_suite | 8.8.8 | |
| synacor | zimbra_collaboration_suite | 8.8.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24F5F521-0ED9-4AD2-A6FF-E4BC9CCC1A5E",
"versionEndExcluding": "8.8.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:-:*:*:*:*:*:*",
"matchCriteriaId": "5463E3D4-4C0F-4CCC-ACC3-670E4F7B3BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:patch1:*:*:*:*:*:*",
"matchCriteriaId": "C1350BE3-C05F-4498-A361-DE614A6FC73F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:patch3:*:*:*:*:*:*",
"matchCriteriaId": "6A631BEE-F868-4400-ACCC-1BD4141E04C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:patch4:*:*:*:*:*:*",
"matchCriteriaId": "E7015390-C1FB-48D7-B4BE-D41258A021F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:-:*:*:*:*:*:*",
"matchCriteriaId": "01E60F13-49E8-45C7-80D0-3FE174C26AA4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1."
},
{
"lang": "es",
"value": "hay una vulnerabilidad persistente de XSS en el componente de la cartera de Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 versi\u00f3n anterior de 8.8.8 parche 7 y 8.8.9 Versiones anteriores de 8.8.9 parche 1."
}
],
"id": "CVE-2018-14425",
"lastModified": "2024-11-21T03:49:01.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-30T18:29:02.597",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108970"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-18 22:59
Modified
2024-11-21 02:51
Severity ?
Summary
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 104477.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB544961-B884-454E-AC8C-8E18E3B467DA",
"versionEndIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 104477."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Zimbra Collaboration en versiones anteriores a 8.7.0 permite a atacantes remotos afectar a la integridad a trav\u00e9s de vectores desconocidos, vulnerabilidad tambi\u00e9n conocida como error 104477."
}
],
"id": "CVE-2016-4019",
"lastModified": "2024-11-21T02:51:10.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-18T22:59:00.750",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95922"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-18 22:59
Modified
2024-11-21 02:49
Severity ?
Summary
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103996.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB544961-B884-454E-AC8C-8E18E3B467DA",
"versionEndIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103996."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Zimbra Collaboration en versiones anteriores a 8.7.0 permite a atacantes remotos afectar a la integridad a trav\u00e9s de vectores desconocidos, vulnerabilidad tambi\u00e9n conocida como error 103996."
}
],
"id": "CVE-2016-3413",
"lastModified": "2024-11-21T02:49:57.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-18T22:59:00.593",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95895"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-18 22:59
Modified
2024-11-21 02:49
Severity ?
Summary
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB544961-B884-454E-AC8C-8E18E3B467DA",
"versionEndIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Zimbra Collaboration en versiones anteriores a 8.7.0 permite a usuarios remotos autenticados afectar a la integridad a trav\u00e9s de vectores desconocidos, vulnerabilidad tambi\u00e9n conocida como error 99810."
}
],
"id": "CVE-2016-3401",
"lastModified": "2024-11-21T02:49:55.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-18T22:59:00.203",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95860"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-18 22:59
Modified
2024-11-21 02:49
Severity ?
Summary
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103959.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB544961-B884-454E-AC8C-8E18E3B467DA",
"versionEndIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103959."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Zimbra Collaboration en versiones anteriores a 8.7.0 permite a atacantes remotos afectar a la integridad a trav\u00e9s de vectores desconocidos, vulnerabilidad tambi\u00e9n conocida como error 103959."
}
],
"id": "CVE-2016-3404",
"lastModified": "2024-11-21T02:49:56.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-18T22:59:00.280",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95894"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-02 16:15
Modified
2024-11-21 05:01
Severity ?
Summary
An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a user's profile. The injected code can be reflected and executed when changing an e-mail signature.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://wiki.zimbra.com/wiki/Security_Center | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P11 | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P4 | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Security_Center | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P11 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P4 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 | |
| synacor | zimbra_collaboration_suite | 8.8.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8BF8662-919E-4A40-917F-FEA0EA73491C",
"versionEndExcluding": "8.8.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:-:*:*:*:*:*:*",
"matchCriteriaId": "9E39A855-C0EB-4448-AE96-177757C40C66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p1:*:*:*:*:*:*",
"matchCriteriaId": "FFE7BE6E-7A9A-40C7-B236-7A21103E9F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p10:*:*:*:*:*:*",
"matchCriteriaId": "B5924FFC-BA19-48B3-BF4D-0C2DB3FCD407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p2:*:*:*:*:*:*",
"matchCriteriaId": "6FCB5528-70FD-4525-A78B-D5537609331A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p3:*:*:*:*:*:*",
"matchCriteriaId": "EF2EE32D-04A5-46EA-92F0-3C8D74A4B82A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p4:*:*:*:*:*:*",
"matchCriteriaId": "BB3C28CA-4C22-423E-B1C7-CBAFBB91F4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p5:*:*:*:*:*:*",
"matchCriteriaId": "A9A1314A-20C8-42D7-9387-D914999EEAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p6:*:*:*:*:*:*",
"matchCriteriaId": "CEF091C5-8DC6-4A41-9E84-F53BE703F71B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p7:*:*:*:*:*:*",
"matchCriteriaId": "ACD65C28-9716-4073-8613-C4AF12684760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p8:*:*:*:*:*:*",
"matchCriteriaId": "2C58AFFF-848F-490D-A95C-03A267C2DC98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p9:*:*:*:*:*:*",
"matchCriteriaId": "B62DC188-89A8-4AEA-90AE-563F0BBEFC54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a user\u0027s profile. The injected code can be reflected and executed when changing an e-mail signature."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de tipo XSS en el componente Webmail de Zimbra Collaboration Suite versiones anteriores a 8.8.15 Parche 11. Permite a un atacante inyectar JavaScript ejecutable en el nombre de la cuenta del perfil de un usuario. El c\u00f3digo inyectado puede ser reflejado y ejecutado cuando se cambia una firma de correo electr\u00f3nico"
}
],
"id": "CVE-2020-13653",
"lastModified": "2024-11-21T05:01:41.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-02T16:15:11.577",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P11"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P4"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-23 04:29
Modified
2024-11-21 03:30
Severity ?
Summary
Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/98090 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Security_Center | Vendor Advisory | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6 | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98090 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Security_Center | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6 | Release Notes |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3DF492D-11DB-4AB6-BACA-4ABADA9FC2EE",
"versionEndIncluding": "8.7.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio en Zimbra Collaboration Suite (tambi\u00e9n conocido como ZCS) en versiones anteriores a la 8.7.6 permite a los atacantes provocar un impacto no especificado mediante vectores desconocidos."
}
],
"id": "CVE-2017-6821",
"lastModified": "2024-11-21T03:30:36.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-23T04:29:02.057",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98090"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-18 22:59
Modified
2024-11-21 02:49
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and 104456.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/95890 | ||
| cve@mitre.org | https://bugzilla.zimbra.com/show_bug.cgi?id=104294 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://bugzilla.zimbra.com/show_bug.cgi?id=104456 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 | Release Notes | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95890 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.zimbra.com/show_bug.cgi?id=104294 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.zimbra.com/show_bug.cgi?id=104456 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB544961-B884-454E-AC8C-8E18E3B467DA",
"versionEndIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and 104456."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de CSRF en Zimbra Collaboration en versiones anteriores a 8.7.0 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de v\u00edctimas no especificadas a trav\u00e9s de vectores que implican (1) la extensi\u00f3n de subida Client o (2) la extensi\u00f3n de manejo REST, vulnerabilidades tambi\u00e9n conocidas como errores 104294 y 104456."
}
],
"id": "CVE-2016-3406",
"lastModified": "2024-11-21T02:49:56.303",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-18T22:59:00.343",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95890"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=104294"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=104456"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=104294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=104456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-30 20:29
Modified
2024-11-21 02:37
Severity ?
Summary
Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | 8.6.0 | |
| synacor | zimbra_collaboration_suite | 8.6.0 | |
| synacor | zimbra_collaboration_suite | 8.6.0 | |
| synacor | zimbra_collaboration_suite | 8.6.0 | |
| synacor | zimbra_collaboration_suite | 8.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "09016525-12F2-49D0-A803-E38294FE3EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "A640E533-4AB8-4DBA-B59C-3CCDE507155F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "EFFA097D-1FAC-41A9-BF40-004BBE4F4777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "957B3D6D-DDA6-4770-B8B1-8CDF95E87140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "E48E062A-8658-4006-856E-CBABE57FE00C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra."
},
{
"lang": "es",
"value": "Synacor Zimbra Mail Client 8.6 anerior a 8.6.0 Patch 5 tiene XSS a trav\u00e9s del cuadro de di\u00e1logo error/warning y email body content en Zimbra."
}
],
"id": "CVE-2015-7609",
"lastModified": "2024-11-21T02:37:03.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-30T20:29:00.397",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=101435"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=101436"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.fortiguard.com/zeroday/FG-VD-15-080"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.fortiguard.com/zeroday/FG-VD-15-081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=101435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=101436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.fortiguard.com/zeroday/FG-VD-15-080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.fortiguard.com/zeroday/FG-VD-15-081"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-15 23:15
Modified
2024-11-21 05:08
Severity ?
Summary
A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/buxu/bug/issues/2 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/buxu/bug/issues/2 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | 8.8.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.12:-:*:*:*:*:*:*",
"matchCriteriaId": "9B49E1CC-2362-4B1A-AED7-B8F857EB0D8C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting (XSS) reflejada en el componente zimbraAdmin/public/secureRequest.jsp de Zimbra Collaboration versi\u00f3n 8.8.12, permite a atacantes no autenticados ejecutar scripts web o HTML arbitrarios por medio de una inyecci\u00f3n del encabezado de host"
}
],
"id": "CVE-2020-18984",
"lastModified": "2024-11-21T05:08:53.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-15T23:15:08.693",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/buxu/bug/issues/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/buxu/bug/issues/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-29 22:29
Modified
2024-11-21 03:56
Severity ?
Summary
mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.zimbra.com/show_bug.cgi?id=109020 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.zimbra.com/show_bug.cgi?id=109020 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * | |
| synacor | zimbra_collaboration_suite | * | |
| synacor | zimbra_collaboration_suite | 8.6.0 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.7.11 | |
| synacor | zimbra_collaboration_suite | 8.8.9 | |
| synacor | zimbra_collaboration_suite | 8.8.9 | |
| synacor | zimbra_collaboration_suite | 8.8.9 | |
| synacor | zimbra_collaboration_suite | 8.8.9 | |
| synacor | zimbra_collaboration_suite | 8.8.9 | |
| synacor | zimbra_collaboration_suite | 8.8.9 | |
| synacor | zimbra_collaboration_suite | 8.8.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A91CE8F-5E21-459E-A253-A1706357B82B",
"versionEndExcluding": "8.7.11",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "172EF781-F36D-49D1-8E80-5F344551F543",
"versionEndExcluding": "8.8.9",
"versionStartIncluding": "8.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93A06B2F-0C1F-459A-9587-6178E6A081E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:-:*:*:*:*:*:*",
"matchCriteriaId": "A98A1461-959C-4FC5-8860-76C3A9605F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p1:*:*:*:*:*:*",
"matchCriteriaId": "F64CBF7B-63AB-4523-84B9-D86F64DAB4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p2:*:*:*:*:*:*",
"matchCriteriaId": "D411A60B-BFA0-4B47-BF7B-D21AAFFC9E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p3:*:*:*:*:*:*",
"matchCriteriaId": "0ADC2E0E-9365-46AA-85AC-DF2B5C791833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p4:*:*:*:*:*:*",
"matchCriteriaId": "5ADA2C87-BDA0-485B-8BF3-EE1E1DC1C4BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p5:*:*:*:*:*:*",
"matchCriteriaId": "E28795C8-62FF-4C68-A469-8A2AD309E28B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p6:*:*:*:*:*:*",
"matchCriteriaId": "08339B97-5558-4DF5-8CB7-6CEB91328CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:-:*:*:*:*:*:*",
"matchCriteriaId": "01E60F13-49E8-45C7-80D0-3FE174C26AA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p1:*:*:*:*:*:*",
"matchCriteriaId": "7721C638-63F3-4FB4-9DBC-7781A16EDEB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p2:*:*:*:*:*:*",
"matchCriteriaId": "B1FFA288-70EA-4A51-911A-C79E3359EAD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p3:*:*:*:*:*:*",
"matchCriteriaId": "67940E89-EDDC-4B17-BE1D-A1C00A80B315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p4:*:*:*:*:*:*",
"matchCriteriaId": "CB504F6B-DD81-46F6-A3E2-B0EDA70E23BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p6:*:*:*:*:*:*",
"matchCriteriaId": "7A186E7A-9234-4927-97F1-E3F1D2DE1E60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:-:*:*:*:*:*:*",
"matchCriteriaId": "EEE708DD-3340-4190-B3B0-D102D798C091",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS."
},
{
"lang": "es",
"value": "El componente mailboxd en Synacor Zimbra Collaboration Suite versi\u00f3n 8.6, versi\u00f3n 8.7 anteriores de 8.7.11 path 7, y versi\u00f3n 8.8 anteriores de 8.8.10 path 2. presenta una vulnerabilidad de tipo XSS persistente."
}
],
"id": "CVE-2018-18631",
"lastModified": "2024-11-21T03:56:16.173",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-29T22:29:01.240",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109020"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-18 22:59
Modified
2024-11-21 02:49
Severity ?
Summary
Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB544961-B884-454E-AC8C-8E18E3B467DA",
"versionEndIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276."
},
{
"lang": "es",
"value": "Zimbra Collaboration en versiones anteriores a 8.7.0 permite a atacantes remotos llevar a cabo ataques de deserializaci\u00f3n a trav\u00e9s de vectores no especificados, vulnerabilidad tambi\u00e9n conocida como error 102276."
}
],
"id": "CVE-2016-3415",
"lastModified": "2024-11-21T02:49:57.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-18T22:59:00.670",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95917"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95917"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-18 22:59
Modified
2024-11-21 02:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and 104703.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB544961-B884-454E-AC8C-8E18E3B467DA",
"versionEndIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and 104703."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en Zimbra Collaboration en versiones anteriores a 8.7.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados, vulnerabilidades tambi\u00e9n conocidas como errores 104552 y 104703."
}
],
"id": "CVE-2016-3999",
"lastModified": "2024-11-21T02:51:07.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-18T22:59:00.703",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95921"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-23 20:55
Modified
2024-11-21 01:57
Severity ?
Summary
Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * | |
| synacor | zimbra_collaboration_suite | 6.0.0 | |
| synacor | zimbra_collaboration_suite | 6.0.1 | |
| synacor | zimbra_collaboration_suite | 6.0.2 | |
| synacor | zimbra_collaboration_suite | 6.0.3 | |
| synacor | zimbra_collaboration_suite | 6.0.4 | |
| synacor | zimbra_collaboration_suite | 6.0.5 | |
| synacor | zimbra_collaboration_suite | 6.0.6 | |
| synacor | zimbra_collaboration_suite | 6.0.7 | |
| synacor | zimbra_collaboration_suite | 6.0.8 | |
| synacor | zimbra_collaboration_suite | 6.0.9 | |
| synacor | zimbra_collaboration_suite | 6.0.10 | |
| synacor | zimbra_collaboration_suite | 6.0.12 | |
| synacor | zimbra_collaboration_suite | 6.0.13 | |
| synacor | zimbra_collaboration_suite | 6.0.14 | |
| synacor | zimbra_collaboration_suite | 6.0.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C5C41E4-7628-464E-856C-2615A6F40892",
"versionEndIncluding": "6.0.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDEEE91-985C-419F-8C79-56C6A6FE9666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B93B6131-535D-41D6-A1BF-20A0D4F1A880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD98C1D-EB43-4AC7-8D62-3D9ABE1E98B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "494BC2CE-23C6-48CB-91E4-D825FBDE7F0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "826748BF-8DEA-4BA0-8651-99F2BC665C52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8012F95A-84BB-4852-A409-D8B29C96A87E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C0A295FE-9D43-42C7-AFC5-F9D034C1A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F9021F79-A54E-458A-B821-FF5432D5BFC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FD87DCF5-D590-499B-8990-0A65CF076E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD79ED8-C87C-43A9-B963-24E38327375B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0B55F989-EABF-465C-A550-85270B2ED6FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "ADDAE9BA-BFA4-4313-9973-C29FB1E2E94C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "708333B3-3D82-4119-9570-2390B4D889E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7D759BE2-4AA5-4770-B45D-5D765781F46A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C5AB0A39-C257-4F40-8925-F5A91CB37E05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token."
},
{
"lang": "es",
"value": "Zimbra Collaboration Suite (ZCS) 6.0.16 y anteriores permite a atacantes \"man-in-the-middle\" obtener acceso mediante la captura de tr\u00e1fico de red y reenviando el token ZM_AUTH_TOKEN."
}
],
"id": "CVE-2013-5119",
"lastModified": "2024-11-21T01:57:03.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-09-23T20:55:07.357",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0063.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/97290"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/62407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0063.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/97290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/62407"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-18 22:59
Modified
2024-11-21 02:49
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910, 105071, and 105175.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB544961-B884-454E-AC8C-8E18E3B467DA",
"versionEndIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910, 105071, and 105175."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en Zimbra Collaboration en versiones anteriores a 8.7.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados, vulnerabilidades tambi\u00e9n conocida como errores 104222, 104910, 105071 y 105175."
}
],
"id": "CVE-2016-3407",
"lastModified": "2024-11-21T02:49:56.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-18T22:59:00.390",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95897"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-18 22:59
Modified
2024-11-21 02:49
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 101813.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB544961-B884-454E-AC8C-8E18E3B467DA",
"versionEndIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 101813."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Zimbra Collaboration en versiones anteriores a 8.7.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados, vulnerabilidad tambi\u00e9n conocida como error 101813."
}
],
"id": "CVE-2016-3408",
"lastModified": "2024-11-21T02:49:56.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-18T22:59:00.420",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95923"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2016-3414
Vulnerability from cvelistv5
Published
2017-01-18 22:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95918 | vdb-entry, x_refsource_BID | |
| https://forums.zimbra.org/viewtopic.php?f=8&t=59816 | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95918",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95918"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://forums.zimbra.org/viewtopic.php?f=8\u0026t=59816"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95918",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95918"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://forums.zimbra.org/viewtopic.php?f=8\u0026t=59816"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95918",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95918"
},
{
"name": "https://forums.zimbra.org/viewtopic.php?f=8\u0026t=59816",
"refsource": "CONFIRM",
"url": "https://forums.zimbra.org/viewtopic.php?f=8\u0026t=59816"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3414",
"datePublished": "2017-01-18T22:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-08-05T23:56:13.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5119
Vulnerability from cvelistv5
Published
2013-09-23 20:00
Modified
2024-09-16 17:33
Severity ?
EPSS score ?
Summary
Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/97290 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/62407 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/bugtraq/2013-09/0063.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:50.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/97290"
},
{
"name": "62407",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62407"
},
{
"name": "20130913 Zimbra Collaboration Suite (ZCS) Session Replay Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0063.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-23T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "97290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/97290"
},
{
"name": "62407",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/62407"
},
{
"name": "20130913 Zimbra Collaboration Suite (ZCS) Session Replay Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0063.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97290",
"refsource": "OSVDB",
"url": "http://osvdb.org/97290"
},
{
"name": "62407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62407"
},
{
"name": "20130913 Zimbra Collaboration Suite (ZCS) Session Replay Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0063.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5119",
"datePublished": "2013-09-23T20:00:00Z",
"dateReserved": "2013-08-13T00:00:00Z",
"dateUpdated": "2024-09-16T17:33:44.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-17938
Vulnerability from cvelistv5
Published
2018-10-03 08:00
Modified
2024-08-05 11:01
Severity ?
EPSS score ?
Summary
Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.zimbra.com/show_bug.cgi?id=109021 | x_refsource_MISC | |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.10 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109021"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T07:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109021"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109021",
"refsource": "MISC",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109021"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.10",
"refsource": "MISC",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17938",
"datePublished": "2018-10-03T08:00:00",
"dateReserved": "2018-10-03T00:00:00",
"dateUpdated": "2024-08-05T11:01:14.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-15131
Vulnerability from cvelistv5
Published
2019-05-30 15:22
Modified
2024-08-05 09:46
Severity ?
EPSS score ?
Summary
An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.zimbra.com/show_bug.cgi?id=109012 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:46:25.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-30T15:22:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109012"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109012",
"refsource": "MISC",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109012"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15131",
"datePublished": "2019-05-30T15:22:03",
"dateReserved": "2018-08-07T00:00:00",
"dateUpdated": "2024-08-05T09:46:25.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-17703
Vulnerability from cvelistv5
Published
2018-02-04 01:00
Modified
2024-08-05 20:59
Severity ?
EPSS score ?
Summary
Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.zimbra.com/show_bug.cgi?id=108265 | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:59:17.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108265"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-04T01:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108265"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=108265",
"refsource": "CONFIRM",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108265"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17703",
"datePublished": "2018-02-04T01:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-08-05T20:59:17.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18631
Vulnerability from cvelistv5
Published
2019-05-29 21:28
Modified
2024-08-05 11:15
Severity ?
EPSS score ?
Summary
mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_MISC | |
| https://bugzilla.zimbra.com/show_bug.cgi?id=109020 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:15:59.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-29T21:28:56",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "MISC",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109020",
"refsource": "MISC",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18631",
"datePublished": "2019-05-29T21:28:56",
"dateReserved": "2018-10-24T00:00:00",
"dateUpdated": "2024-08-05T11:15:59.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6980
Vulnerability from cvelistv5
Published
2019-05-29 21:10
Modified
2024-08-04 20:38
Severity ?
EPSS score ?
Summary
Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_MISC | |
| https://bugzilla.zimbra.com/show_bug.cgi?id=109097 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:38:32.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-29T21:10:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "MISC",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109097",
"refsource": "MISC",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6980",
"datePublished": "2019-05-29T21:10:00",
"dateReserved": "2019-01-28T00:00:00",
"dateUpdated": "2024-08-04T20:38:32.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6813
Vulnerability from cvelistv5
Published
2017-05-23 03:56
Modified
2024-08-05 15:41
Severity ?
EPSS score ?
Summary
A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.zimbra.com/wiki/Security_Center | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98087 | vdb-entry, x_refsource_BID | |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"name": "98087",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98087"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-23T01:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"name": "98087",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98087"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Security_Center",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"name": "98087",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98087"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6813",
"datePublished": "2017-05-23T03:56:00",
"dateReserved": "2017-03-11T00:00:00",
"dateUpdated": "2024-08-05T15:41:17.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3403
Vulnerability from cvelistv5
Published
2017-05-17 14:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and perform referer header checks, aka bugs 100885 and 100899.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95383 | vdb-entry, x_refsource_BID | |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6_Patch_8 | x_refsource_CONFIRM | |
| https://bugzilla.zimbra.com/show_bug.cgi?id=100899 | x_refsource_CONFIRM | |
| https://bugzilla.zimbra.com/show_bug.cgi?id=100885 | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2017/Jan/30 | mailing-list, x_refsource_FULLDISC | |
| https://sysdream.com/news/lab/2017-01-12-cve-2016-3403-multiple-csrf-in-zimbra-administration-interface/ | x_refsource_MISC | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95383",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95383"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6_Patch_8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=100899"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=100885"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "20170112 [CVE-2016-3403] [Zimbra] Multiple CSRF in Administration interface - all versions",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Jan/30"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sysdream.com/news/lab/2017-01-12-cve-2016-3403-multiple-csrf-in-zimbra-administration-interface/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and perform referer header checks, aka bugs 100885 and 100899."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-25T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95383",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95383"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6_Patch_8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=100899"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=100885"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "20170112 [CVE-2016-3403] [Zimbra] Multiple CSRF in Administration interface - all versions",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Jan/30"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sysdream.com/news/lab/2017-01-12-cve-2016-3403-multiple-csrf-in-zimbra-administration-interface/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and perform referer header checks, aka bugs 100885 and 100899."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95383"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6_Patch_8",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6_Patch_8"
},
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=100899",
"refsource": "CONFIRM",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=100899"
},
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=100885",
"refsource": "CONFIRM",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=100885"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "20170112 [CVE-2016-3403] [Zimbra] Multiple CSRF in Administration interface - all versions",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Jan/30"
},
{
"name": "https://sysdream.com/news/lab/2017-01-12-cve-2016-3403-multiple-csrf-in-zimbra-administration-interface/",
"refsource": "MISC",
"url": "https://sysdream.com/news/lab/2017-01-12-cve-2016-3403-multiple-csrf-in-zimbra-administration-interface/"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3403",
"datePublished": "2017-05-17T14:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-08-05T23:56:13.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3408
Vulnerability from cvelistv5
Published
2017-01-18 22:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 101813.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95923 | vdb-entry, x_refsource_BID | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "95923",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95923"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 101813."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "95923",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95923"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 101813."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "95923",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95923"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3408",
"datePublished": "2017-01-18T22:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-08-05T23:56:13.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7609
Vulnerability from cvelistv5
Published
2019-05-30 19:21
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.zimbra.com/wiki/Security_Center | x_refsource_MISC | |
| https://www.fortiguard.com/zeroday/FG-VD-15-080 | x_refsource_MISC | |
| https://www.fortiguard.com/zeroday/FG-VD-15-081 | x_refsource_MISC | |
| https://bugzilla.zimbra.com/show_bug.cgi?id=101435 | x_refsource_MISC | |
| https://bugzilla.zimbra.com/show_bug.cgi?id=101436 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.fortiguard.com/zeroday/FG-VD-15-080"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.fortiguard.com/zeroday/FG-VD-15-081"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=101435"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=101436"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-30T19:21:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.fortiguard.com/zeroday/FG-VD-15-080"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.fortiguard.com/zeroday/FG-VD-15-081"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=101435"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=101436"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Security_Center",
"refsource": "MISC",
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"name": "https://www.fortiguard.com/zeroday/FG-VD-15-080",
"refsource": "MISC",
"url": "https://www.fortiguard.com/zeroday/FG-VD-15-080"
},
{
"name": "https://www.fortiguard.com/zeroday/FG-VD-15-081",
"refsource": "MISC",
"url": "https://www.fortiguard.com/zeroday/FG-VD-15-081"
},
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=101435",
"refsource": "MISC",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=101435"
},
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=101436",
"refsource": "MISC",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=101436"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7609",
"datePublished": "2019-05-30T19:21:11",
"dateReserved": "2015-09-30T00:00:00",
"dateUpdated": "2024-08-06T07:51:28.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-18985
Vulnerability from cvelistv5
Published
2021-12-15 22:17
Modified
2024-08-04 14:08
Severity ?
EPSS score ?
Summary
An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/buxu/bug/issues/3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/buxu/bug/issues/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-15T22:17:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/buxu/bug/issues/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-18985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/buxu/bug/issues/3",
"refsource": "MISC",
"url": "https://github.com/buxu/bug/issues/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-18985",
"datePublished": "2021-12-15T22:17:29",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:08:30.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-14013
Vulnerability from cvelistv5
Published
2019-05-29 21:24
Modified
2024-08-05 09:21
Severity ?
EPSS score ?
Summary
Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/151472/Zimbra-Collaboration-Cross-Site-Scripting.html | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2019/Feb/3 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2019/01/30/1 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/106787 | x_refsource_MISC | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_MISC | |
| https://bugzilla.zimbra.com/show_bug.cgi?id=109018 | x_refsource_MISC | |
| https://bugzilla.zimbra.com/show_bug.cgi?id=109017 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:21:40.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151472/Zimbra-Collaboration-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/01/30/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106787"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109018"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-29T21:24:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151472/Zimbra-Collaboration-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2019/01/30/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/106787"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109018"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151472/Zimbra-Collaboration-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151472/Zimbra-Collaboration-Cross-Site-Scripting.html"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Feb/3",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Feb/3"
},
{
"name": "http://www.openwall.com/lists/oss-security/2019/01/30/1",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2019/01/30/1"
},
{
"name": "http://www.securityfocus.com/bid/106787",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/106787"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "MISC",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109018",
"refsource": "MISC",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109018"
},
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109017",
"refsource": "MISC",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14013",
"datePublished": "2019-05-29T21:24:02",
"dateReserved": "2018-07-12T00:00:00",
"dateUpdated": "2024-08-05T09:21:40.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-10949
Vulnerability from cvelistv5
Published
2018-05-10 01:00
Modified
2024-09-17 04:04
Severity ?
EPSS score ?
Summary
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.zimbra.com/show_bug.cgi?id=108962 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108962"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the \"HTTP 404 - account is not active\" and \"HTTP 401 - must authenticate\" errors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-10T01:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108962"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the \"HTTP 404 - account is not active\" and \"HTTP 401 - must authenticate\" errors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=108962",
"refsource": "MISC",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108962"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10949",
"datePublished": "2018-05-10T01:00:00Z",
"dateReserved": "2018-05-09T00:00:00Z",
"dateUpdated": "2024-09-17T04:04:39.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3405
Vulnerability from cvelistv5
Published
2017-01-18 22:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to affect integrity via unknown vectors, aka bugs 103961 and 104828.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95886 | vdb-entry, x_refsource_BID | |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95886",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to affect integrity via unknown vectors, aka bugs 103961 and 104828."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-01T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95886",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to affect integrity via unknown vectors, aka bugs 103961 and 104828."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95886",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95886"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3405",
"datePublished": "2017-01-18T22:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-08-05T23:56:13.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3406
Vulnerability from cvelistv5
Published
2017-01-18 22:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and 104456.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95890 | vdb-entry, x_refsource_BID | |
| https://bugzilla.zimbra.com/show_bug.cgi?id=104456 | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_CONFIRM | |
| https://bugzilla.zimbra.com/show_bug.cgi?id=104294 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "95890",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=104456"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=104294"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and 104456."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-01T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "95890",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=104456"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=104294"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and 104456."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "95890",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95890"
},
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=104456",
"refsource": "CONFIRM",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=104456"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=104294",
"refsource": "CONFIRM",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=104294"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3406",
"datePublished": "2017-01-18T22:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-08-05T23:56:13.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-20160
Vulnerability from cvelistv5
Published
2019-05-29 21:12
Modified
2024-08-05 11:51
Severity ?
EPSS score ?
Summary
ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_MISC | |
| https://wiki.zimbra.com/wiki/Security_Center | x_refsource_MISC | |
| https://bugzilla.zimbra.com/show_bug.cgi?id=109093 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:19.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-29T21:12:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "MISC",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name": "https://wiki.zimbra.com/wiki/Security_Center",
"refsource": "MISC",
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109093",
"refsource": "MISC",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20160",
"datePublished": "2019-05-29T21:12:00",
"dateReserved": "2018-12-15T00:00:00",
"dateUpdated": "2024-08-05T11:51:19.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3415
Vulnerability from cvelistv5
Published
2017-01-18 22:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95917 | vdb-entry, x_refsource_BID | |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95917",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95917"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95917",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95917"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95917"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3415",
"datePublished": "2017-01-18T22:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-08-05T23:56:13.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3569
Vulnerability from cvelistv5
Published
2022-10-17 22:45
Modified
2024-09-16 20:12
Severity ?
EPSS score ?
Summary
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Synacor | Zimbra Collaboration Suite (ZCS) |
Version: 9.0.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:02.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://twitter.com/ldsopreload/status/1580539318879547392"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/17141"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/169430/Zimbra-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zimbra Collaboration Suite (ZCS)",
"vendor": "Synacor",
"versions": [
{
"lessThanOrEqual": "9.0.0",
"status": "affected",
"version": "9.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Originally reported by Twitter user @ldsopreload, validated by Ron Bowes of Rapid7"
}
],
"datePublic": "2022-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the \u0027zimbra\u0027 user can effectively coerce postfix into running arbitrary commands as \u0027root\u0027."
}
],
"exploits": [
{
"lang": "en",
"value": "A public Metasploit module exists for this issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-271",
"description": "CWE-271 Privilege Dropping / Lowering Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-19T00:00:00",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"url": "https://twitter.com/ldsopreload/status/1580539318879547392"
},
{
"url": "https://github.com/rapid7/metasploit-framework/pull/17141"
},
{
"url": "http://packetstormsecurity.com/files/169430/Zimbra-Privilege-Escalation.html"
}
],
"source": {
"advisory": "",
"defect": [],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2022-3569",
"datePublished": "2022-10-17T22:45:11.553282Z",
"dateReserved": "2022-10-17T00:00:00",
"dateUpdated": "2024-09-16T20:12:14.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6821
Vulnerability from cvelistv5
Published
2017-05-23 03:56
Modified
2024-08-05 15:41
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.zimbra.com/wiki/Security_Center | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98090 | vdb-entry, x_refsource_BID | |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"name": "98090",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98090"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-23T01:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"name": "98090",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98090"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Security_Center",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"name": "98090",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98090"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6821",
"datePublished": "2017-05-23T03:56:00",
"dateReserved": "2017-03-11T00:00:00",
"dateUpdated": "2024-08-05T15:41:17.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8633
Vulnerability from cvelistv5
Published
2020-02-18 21:17
Modified
2024-08-04 10:03
Severity ?
EPSS score ?
Summary
An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-18T21:17:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8633",
"datePublished": "2020-02-18T21:17:08",
"dateReserved": "2020-02-05T00:00:00",
"dateUpdated": "2024-08-04T10:03:46.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3401
Vulnerability from cvelistv5
Published
2017-01-18 22:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95860 | vdb-entry, x_refsource_BID | |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95860",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95860"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-31T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95860",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95860"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95860",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95860"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3401",
"datePublished": "2017-01-18T22:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-08-05T23:56:13.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3409
Vulnerability from cvelistv5
Published
2017-01-18 22:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95896 | vdb-entry, x_refsource_BID | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "95896",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95896"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-01T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "95896",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95896"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "95896",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95896"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3409",
"datePublished": "2017-01-18T22:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-08-05T23:56:13.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6882
Vulnerability from cvelistv5
Published
2018-03-27 16:00
Modified
2025-02-07 16:38
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2018/Mar/52 | mailing-list, x_refsource_FULLDISC | |
| https://www.securify.nl/advisory/SFY20180101/cross-site-scripting-vulnerability-in-zimbra-collaboration-suite-due-to-the-way-it-handles-attachment-links.html | x_refsource_MISC | |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.7 | x_refsource_CONFIRM | |
| https://bugzilla.zimbra.com/show_bug.cgi?id=108786 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/541891/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:16.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180324 Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/52"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securify.nl/advisory/SFY20180101/cross-site-scripting-vulnerability-in-zimbra-collaboration-suite-due-to-the-way-it-handles-attachment-links.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108786"
},
{
"name": "20180324 Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/541891/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-6882",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T16:27:50.747691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-04-19",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-6882"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T16:38:20.053Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20180324 Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/52"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securify.nl/advisory/SFY20180101/cross-site-scripting-vulnerability-in-zimbra-collaboration-suite-due-to-the-way-it-handles-attachment-links.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108786"
},
{
"name": "20180324 Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/541891/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180324 Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Mar/52"
},
{
"name": "https://www.securify.nl/advisory/SFY20180101/cross-site-scripting-vulnerability-in-zimbra-collaboration-suite-due-to-the-way-it-handles-attachment-links.html",
"refsource": "MISC",
"url": "https://www.securify.nl/advisory/SFY20180101/cross-site-scripting-vulnerability-in-zimbra-collaboration-suite-due-to-the-way-it-handles-attachment-links.html"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.7",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.7"
},
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=108786",
"refsource": "CONFIRM",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108786"
},
{
"name": "20180324 Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/541891/100/0/threaded"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6882",
"datePublished": "2018-03-27T16:00:00.000Z",
"dateReserved": "2018-02-09T00:00:00.000Z",
"dateUpdated": "2025-02-07T16:38:20.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7288
Vulnerability from cvelistv5
Published
2017-05-23 03:56
Modified
2024-08-05 15:56
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/98081 | vdb-entry, x_refsource_BID | |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.1 | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98081",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98081"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-23T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "98081",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98081"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98081"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.1",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.1"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7288",
"datePublished": "2017-05-23T03:56:00",
"dateReserved": "2017-03-28T00:00:00",
"dateUpdated": "2024-08-05T15:56:36.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6981
Vulnerability from cvelistv5
Published
2019-05-29 21:14
Modified
2024-08-04 20:38
Severity ?
EPSS score ?
Summary
Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_MISC | |
| https://bugzilla.zimbra.com/show_bug.cgi?id=109096 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:38:32.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109096"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-29T21:14:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109096"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "MISC",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109096",
"refsource": "MISC",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109096"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6981",
"datePublished": "2019-05-29T21:14:38",
"dateReserved": "2019-01-28T00:00:00",
"dateUpdated": "2024-08-04T20:38:32.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4019
Vulnerability from cvelistv5
Published
2017-01-18 22:00
Modified
2024-08-06 00:17
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 104477.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95922 | vdb-entry, x_refsource_BID | |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:29.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95922",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95922"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 104477."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95922",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95922"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 104477."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95922",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95922"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4019",
"datePublished": "2017-01-18T22:00:00",
"dateReserved": "2016-04-14T00:00:00",
"dateUpdated": "2024-08-06T00:17:29.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7610
Vulnerability from cvelistv5
Published
2018-05-30 21:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.zimbra.com/2018/04/new-patches-for-you-zimbra-8-8-8-turing-patch-1-zimbra-8-7-11-patch-2/ | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P1 | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P2 | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Security_Center | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6.0/P10 | x_refsource_CONFIRM | |
| https://blog.zimbra.com/2018/05/new-patches-zimbra-8-8-8-turing-patch-3-zimbra-8-7-11-patch-3-zimbra-8-6-0-patch-10/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.zimbra.com/2018/04/new-patches-for-you-zimbra-8-8-8-turing-patch-1-zimbra-8-7-11-patch-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6.0/P10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.zimbra.com/2018/05/new-patches-zimbra-8-8-8-turing-patch-3-zimbra-8-7-11-patch-3-zimbra-8-6-0-patch-10/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-30T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.zimbra.com/2018/04/new-patches-for-you-zimbra-8-8-8-turing-patch-1-zimbra-8-7-11-patch-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6.0/P10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.zimbra.com/2018/05/new-patches-zimbra-8-8-8-turing-patch-3-zimbra-8-7-11-patch-3-zimbra-8-6-0-patch-10/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.zimbra.com/2018/04/new-patches-for-you-zimbra-8-8-8-turing-patch-1-zimbra-8-7-11-patch-2/",
"refsource": "CONFIRM",
"url": "https://blog.zimbra.com/2018/04/new-patches-for-you-zimbra-8-8-8-turing-patch-1-zimbra-8-7-11-patch-2/"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P1",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P1"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P2",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P2"
},
{
"name": "https://wiki.zimbra.com/wiki/Security_Center",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6.0/P10",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6.0/P10"
},
{
"name": "https://blog.zimbra.com/2018/05/new-patches-zimbra-8-8-8-turing-patch-3-zimbra-8-7-11-patch-3-zimbra-8-6-0-patch-10/",
"refsource": "CONFIRM",
"url": "https://blog.zimbra.com/2018/05/new-patches-zimbra-8-8-8-turing-patch-3-zimbra-8-7-11-patch-3-zimbra-8-6-0-patch-10/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7610",
"datePublished": "2018-05-30T21:00:00",
"dateReserved": "2015-09-30T00:00:00",
"dateUpdated": "2024-08-06T07:51:28.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-7796
Vulnerability from cvelistv5
Published
2020-02-18 21:14
Modified
2024-08-04 09:41
Severity ?
EPSS score ?
Summary
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:41:01.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-18T21:14:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7796",
"datePublished": "2020-02-18T21:14:22",
"dateReserved": "2020-01-22T00:00:00",
"dateUpdated": "2024-08-04T09:41:01.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-18984
Vulnerability from cvelistv5
Published
2021-12-15 22:17
Modified
2024-08-04 14:08
Severity ?
EPSS score ?
Summary
A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/buxu/bug/issues/2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.727Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/buxu/bug/issues/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-15T22:17:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/buxu/bug/issues/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-18984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/buxu/bug/issues/2",
"refsource": "MISC",
"url": "https://github.com/buxu/bug/issues/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-18984",
"datePublished": "2021-12-15T22:17:28",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:08:30.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3411
Vulnerability from cvelistv5
Published
2017-01-18 22:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95901 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/45177/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name": "95901",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95901"
},
{
"name": "45177",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45177/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-12T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name": "95901",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95901"
},
{
"name": "45177",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45177/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name": "95901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95901"
},
{
"name": "45177",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45177/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3411",
"datePublished": "2017-01-18T22:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-08-05T23:56:13.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8783
Vulnerability from cvelistv5
Published
2018-02-04 01:00
Modified
2024-08-05 16:48
Severity ?
EPSS score ?
Summary
Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.zimbra.com/wiki/Security_Center | x_refsource_CONFIRM | |
| https://bugzilla.zimbra.com/show_bug.cgi?id=107878 | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_CONFIRM | |
| https://bugzilla.zimbra.com/show_bug.cgi?id=107885 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:22.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=107878"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=107885"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-04T01:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=107878"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=107885"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Security_Center",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=107878",
"refsource": "CONFIRM",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=107878"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=107885",
"refsource": "CONFIRM",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=107885"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8783",
"datePublished": "2018-02-04T01:00:00",
"dateReserved": "2017-05-04T00:00:00",
"dateUpdated": "2024-08-05T16:48:22.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-10948
Vulnerability from cvelistv5
Published
2019-05-30 17:11
Modified
2024-08-05 07:54
Severity ?
EPSS score ?
Summary
Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.zimbra.com/show_bug.cgi?id=107948 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=107948"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-30T17:11:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=107948"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=107948",
"refsource": "MISC",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=107948"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10948",
"datePublished": "2019-05-30T17:11:12",
"dateReserved": "2018-05-09T00:00:00",
"dateUpdated": "2024-08-05T07:54:36.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3412
Vulnerability from cvelistv5
Published
2017-01-18 22:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95899 | vdb-entry, x_refsource_BID | |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95899",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95899"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-01T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95899",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95899"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95899",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95899"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3412",
"datePublished": "2017-01-18T22:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-08-05T23:56:13.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-10950
Vulnerability from cvelistv5
Published
2018-05-10 01:00
Modified
2024-09-17 01:11
Severity ?
EPSS score ?
Summary
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.zimbra.com/show_bug.cgi?id=108963 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:35.844Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108963"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-10T01:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108963"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=108963",
"refsource": "MISC",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108963"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10950",
"datePublished": "2018-05-10T01:00:00Z",
"dateReserved": "2018-05-09T00:00:00Z",
"dateUpdated": "2024-09-17T01:11:38.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3407
Vulnerability from cvelistv5
Published
2017-01-18 22:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910, 105071, and 105175.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95897 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name": "95897",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95897"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910, 105071, and 105175."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-01T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name": "95897",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95897"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910, 105071, and 105175."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name": "95897",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95897"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3407",
"datePublished": "2017-01-18T22:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-08-05T23:56:13.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3999
Vulnerability from cvelistv5
Published
2017-01-18 22:00
Modified
2024-08-06 00:17
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and 104703.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95921 | vdb-entry, x_refsource_BID | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:30.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "95921",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95921"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and 104703."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "95921",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95921"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and 104703."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "95921",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95921"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3999",
"datePublished": "2017-01-18T22:00:00",
"dateReserved": "2016-04-12T00:00:00",
"dateUpdated": "2024-08-06T00:17:30.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-14425
Vulnerability from cvelistv5
Published
2019-05-30 17:07
Modified
2024-08-05 09:29
Severity ?
EPSS score ?
Summary
There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_MISC | |
| https://bugzilla.zimbra.com/show_bug.cgi?id=108970 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:29:51.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108970"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-30T17:07:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108970"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "MISC",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=108970",
"refsource": "MISC",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108970"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14425",
"datePublished": "2019-05-30T17:07:11",
"dateReserved": "2018-07-19T00:00:00",
"dateUpdated": "2024-08-05T09:29:51.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-10951
Vulnerability from cvelistv5
Published
2018-05-10 01:00
Modified
2024-09-17 01:37
Severity ?
EPSS score ?
Summary
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.zimbra.com/show_bug.cgi?id=108894 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:35.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108894"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-10T01:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108894"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=108894",
"refsource": "MISC",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108894"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10951",
"datePublished": "2018-05-10T01:00:00Z",
"dateReserved": "2018-05-09T00:00:00Z",
"dateUpdated": "2024-09-17T01:37:08.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-7091
Vulnerability from cvelistv5
Published
2013-12-13 18:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/64149 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.com/files/124321 | x_refsource_MISC | |
| http://www.exploit-db.com/exploits/30472 | exploit, x_refsource_EXPLOIT-DB | |
| http://osvdb.org/100747 | vdb-entry, x_refsource_OSVDB | |
| http://www.exploit-db.com/exploits/30085 | exploit, x_refsource_EXPLOIT-DB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89527 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:46.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64149",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64149"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/124321"
},
{
"name": "30472",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/30472"
},
{
"name": "100747",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100747"
},
{
"name": "30085",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/30085"
},
{
"name": "zimbra-multiple-file-include(89527)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89527"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-15T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "64149",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64149"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/124321"
},
{
"name": "30472",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/30472"
},
{
"name": "100747",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100747"
},
{
"name": "30085",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/30085"
},
{
"name": "zimbra-multiple-file-include(89527)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89527"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64149",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64149"
},
{
"name": "http://packetstormsecurity.com/files/124321",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124321"
},
{
"name": "30472",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/30472"
},
{
"name": "100747",
"refsource": "OSVDB",
"url": "http://osvdb.org/100747"
},
{
"name": "30085",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/30085"
},
{
"name": "zimbra-multiple-file-include(89527)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89527"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7091",
"datePublished": "2013-12-13T18:00:00",
"dateReserved": "2013-12-13T00:00:00",
"dateUpdated": "2024-08-06T17:53:46.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3413
Vulnerability from cvelistv5
Published
2017-01-18 22:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103996.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95895 | vdb-entry, x_refsource_BID | |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95895",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95895"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103996."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-01T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95895",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95895"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103996."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95895",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95895"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3413",
"datePublished": "2017-01-18T22:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-08-05T23:56:13.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3410
Vulnerability from cvelistv5
Published
2017-01-18 22:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103956, 103995, 104475, 104838, and 104839.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95900 | vdb-entry, x_refsource_BID | |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95900",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95900"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103956, 103995, 104475, 104838, and 104839."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-01T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95900",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95900"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103956, 103995, 104475, 104838, and 104839."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95900",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95900"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3410",
"datePublished": "2017-01-18T22:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-08-05T23:56:13.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3404
Vulnerability from cvelistv5
Published
2017-01-18 22:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103959.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95894 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name": "95894",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95894"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103959."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-01T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name": "95894",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95894"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103959."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name": "95894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95894"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3404",
"datePublished": "2017-01-18T22:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-08-05T23:56:13.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12846
Vulnerability from cvelistv5
Published
2020-06-03 16:21
Modified
2024-08-04 12:04
Severity ?
EPSS score ?
Summary
Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox as an avatar image for a contact. A user will receive a "Corrupt File" error, but the file is still uploaded and stored locally in /opt/zimbra/data/tmp/upload/, leaving it open to possible remote execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_MISC | |
| https://wiki.zimbra.com/wiki/Security_Center | x_refsource_MISC | |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P3 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox as an avatar image for a contact. A user will receive a \"Corrupt File\" error, but the file is still uploaded and stored locally in /opt/zimbra/data/tmp/upload/, leaving it open to possible remote execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-03T16:21:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox as an avatar image for a contact. A user will receive a \"Corrupt File\" error, but the file is still uploaded and stored locally in /opt/zimbra/data/tmp/upload/, leaving it open to possible remote execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "MISC",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name": "https://wiki.zimbra.com/wiki/Security_Center",
"refsource": "MISC",
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P3",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12846",
"datePublished": "2020-06-03T16:21:20",
"dateReserved": "2020-05-14T00:00:00",
"dateUpdated": "2024-08-04T12:04:22.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9924
Vulnerability from cvelistv5
Published
2017-03-29 14:00
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.zimbra.com/wiki/Security_Center | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/97121 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"name": "97121",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97121"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-29T13:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"name": "97121",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97121"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Security_Center",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"name": "97121",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97121"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9924",
"datePublished": "2017-03-29T14:00:00",
"dateReserved": "2016-12-11T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13653
Vulnerability from cvelistv5
Published
2020-07-02 15:15
Modified
2024-08-04 12:25
Severity ?
EPSS score ?
Summary
An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a user's profile. The injected code can be reflected and executed when changing an e-mail signature.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_MISC | |
| https://wiki.zimbra.com/wiki/Security_Center | x_refsource_MISC | |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P11 | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a user\u0027s profile. The injected code can be reflected and executed when changing an e-mail signature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-02T15:15:44",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a user\u0027s profile. The injected code can be reflected and executed when changing an e-mail signature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "MISC",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name": "https://wiki.zimbra.com/wiki/Security_Center",
"refsource": "MISC",
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P11",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P11"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P4",
"refsource": "MISC",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13653",
"datePublished": "2020-07-02T15:15:44",
"dateReserved": "2020-05-28T00:00:00",
"dateUpdated": "2024-08-04T12:25:16.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-9670
Vulnerability from cvelistv5
Published
2019-05-29 21:04
Modified
2025-02-07 14:07
Severity ?
EPSS score ?
Summary
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_MISC | |
| https://bugzilla.zimbra.com/show_bug.cgi?id=109129 | x_refsource_MISC | |
| http://www.rapid7.com/db/modules/exploit/linux/http/zimbra_xxe_rce | x_refsource_MISC | |
| http://packetstormsecurity.com/files/152487/Zimbra-Collaboration-Autodiscover-Servlet-XXE-ProxyServlet-SSRF.html | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/46693/ | exploit, x_refsource_EXPLOIT-DB | |
| https://isc.sans.edu/forums/diary/CVE20199670+Zimbra+Collaboration+Suite+XXE+vulnerability/27570/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:45.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109129"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rapid7.com/db/modules/exploit/linux/http/zimbra_xxe_rce"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152487/Zimbra-Collaboration-Autodiscover-Servlet-XXE-ProxyServlet-SSRF.html"
},
{
"name": "46693",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46693/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://isc.sans.edu/forums/diary/CVE20199670+Zimbra+Collaboration+Suite+XXE+vulnerability/27570/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-9670",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T14:01:10.436151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-01-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-9670"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T14:07:36.029Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-26T12:43:24.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109129"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rapid7.com/db/modules/exploit/linux/http/zimbra_xxe_rce"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152487/Zimbra-Collaboration-Autodiscover-Servlet-XXE-ProxyServlet-SSRF.html"
},
{
"name": "46693",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46693/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://isc.sans.edu/forums/diary/CVE20199670+Zimbra+Collaboration+Suite+XXE+vulnerability/27570/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "MISC",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109129",
"refsource": "MISC",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109129"
},
{
"name": "http://www.rapid7.com/db/modules/exploit/linux/http/zimbra_xxe_rce",
"refsource": "MISC",
"url": "http://www.rapid7.com/db/modules/exploit/linux/http/zimbra_xxe_rce"
},
{
"name": "http://packetstormsecurity.com/files/152487/Zimbra-Collaboration-Autodiscover-Servlet-XXE-ProxyServlet-SSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152487/Zimbra-Collaboration-Autodiscover-Servlet-XXE-ProxyServlet-SSRF.html"
},
{
"name": "46693",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46693/"
},
{
"name": "https://isc.sans.edu/forums/diary/CVE20199670+Zimbra+Collaboration+Suite+XXE+vulnerability/27570/",
"refsource": "MISC",
"url": "https://isc.sans.edu/forums/diary/CVE20199670+Zimbra+Collaboration+Suite+XXE+vulnerability/27570/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9670",
"datePublished": "2019-05-29T21:04:28.000Z",
"dateReserved": "2019-03-11T00:00:00.000Z",
"dateUpdated": "2025-02-07T14:07:36.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3402
Vulnerability from cvelistv5
Published
2017-01-18 22:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect confidentiality via unknown vectors, aka bug 99167.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95887 | vdb-entry, x_refsource_BID | |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95887",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95887"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect confidentiality via unknown vectors, aka bug 99167."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-01T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95887",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95887"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect confidentiality via unknown vectors, aka bug 99167."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95887"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3402",
"datePublished": "2017-01-18T22:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-08-05T23:56:13.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-10939
Vulnerability from cvelistv5
Published
2018-05-30 21:00
Modified
2024-08-05 07:54
Severity ?
EPSS score ?
Summary
Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.zimbra.com/wiki/Security_Center | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P4 | x_refsource_CONFIRM | |
| https://blog.zimbra.com/2018/05/new-zimbra-patches-8-8-8-patch-4-and-8-7-11-patch-4/ | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P4 | x_refsource_CONFIRM | |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:35.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.zimbra.com/2018/05/new-zimbra-patches-8-8-8-patch-4-and-8-7-11-patch-4/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-30T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.zimbra.com/2018/05/new-zimbra-patches-8-8-8-patch-4-and-8-7-11-patch-4/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Security_Center",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P4",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P4"
},
{
"name": "https://blog.zimbra.com/2018/05/new-zimbra-patches-8-8-8-patch-4-and-8-7-11-patch-4/",
"refsource": "CONFIRM",
"url": "https://blog.zimbra.com/2018/05/new-zimbra-patches-8-8-8-patch-4-and-8-7-11-patch-4/"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P4",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P4"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10939",
"datePublished": "2018-05-30T21:00:00",
"dateReserved": "2018-05-09T00:00:00",
"dateUpdated": "2024-08-05T07:54:35.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}