Skip to main content

Collaboration

32 CVEs product

Monthly

CVE-2025-27914 MEDIUM This Month

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Collaboration
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-45518 HIGH This Week

An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE XSS Command Injection Collaboration
NVD
CVSS 3.1
8.8
EPSS
20.3%
CVE-2024-33536 MEDIUM This Month

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Collaboration
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-33535 HIGH This Week

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Collaboration
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-33533 MEDIUM This Month

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Collaboration
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-27443 MEDIUM POC KEV THREAT This Month

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Collaboration
NVD
CVSS 3.1
6.1
EPSS
19.5%
CVE-2024-27442 HIGH This Week

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Collaboration
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-43103 MEDIUM PATCH This Month

An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Collaboration
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-43102 MEDIUM PATCH This Month

An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Collaboration
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41106 HIGH This Week

An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Collaboration
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-34193 HIGH This Week

File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Collaboration
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-29382 CRITICAL Act Now

An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Collaboration
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-29381 CRITICAL Act Now

An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Collaboration
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-24032 HIGH PATCH This Week

In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Privilege Escalation Command Injection Collaboration
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2023-24031 MEDIUM This Month

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XSS Collaboration
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-24030 MEDIUM This Month

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Collaboration
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-45912 HIGH This Week

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Collaboration
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-41351 MEDIUM This Month

In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Collaboration
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-41350 MEDIUM This Month

In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Collaboration
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-41349 MEDIUM This Month

In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Collaboration
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-41348 MEDIUM This Month

An issue was discovered in Zimbra Collaboration (ZCS) 9.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XSS Collaboration
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-41347 HIGH POC PATCH This Week

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Nginx Information Disclosure Collaboration
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-37393 HIGH POC Act Now

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Collaboration
NVD GitHub
CVSS 3.1
7.8
EPSS
1.7%
CVE-2022-37044 MEDIUM PATCH This Month

In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Collaboration
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-37043 MEDIUM PATCH This Month

An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Collaboration
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2022-37041 HIGH PATCH This Week

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Java Collaboration
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-32294 CRITICAL Act Now

Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Collaboration
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-35209 CRITICAL POC Act Now

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Collaboration
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-35208 MEDIUM POC This Month

An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Collaboration
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2021-35207 MEDIUM This Month

An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Collaboration
NVD
CVSS 3.1
6.1
EPSS
3.3%
CVE-2021-34807 MEDIUM This Month

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Collaboration
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-35123 MEDIUM This Month

In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Collaboration
NVD
CVSS 3.1
6.5
EPSS
1.5%
EPSS 0% CVSS 5.4
MEDIUM This Month

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Collaboration
NVD
EPSS 20% CVSS 8.8
HIGH This Week

An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE XSS +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Collaboration
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Collaboration
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Collaboration
NVD
EPSS 20% CVSS 6.1
MEDIUM POC KEV THREAT This Month

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Collaboration
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Collaboration
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Collaboration
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Collaboration
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Collaboration
NVD
EPSS 1% CVSS 8.8
HIGH This Week

File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Collaboration
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Collaboration
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Collaboration
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Privilege Escalation Command Injection Collaboration
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XSS Collaboration
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Collaboration
NVD
EPSS 1% CVSS 7.2
HIGH This Week

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Collaboration
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Collaboration
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Collaboration
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Collaboration
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

An issue was discovered in Zimbra Collaboration (ZCS) 9.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XSS Collaboration
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Nginx Information Disclosure Collaboration
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC Act Now

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Collaboration
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Collaboration
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Collaboration
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Java Collaboration
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Collaboration
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Collaboration
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Collaboration
NVD
EPSS 3% CVSS 6.1
MEDIUM This Month

An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Collaboration
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Collaboration
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Collaboration
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy