Zimbra

Collaboration

54 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2023-34193

  • EPSS 0.34%
  • Veröffentlicht 06.07.2023 16:15:10
  • Zuletzt bearbeitet 21.11.2024 08:06:44

File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function.

9.8

CVE-2023-29382

  • EPSS 0.57%
  • Veröffentlicht 06.07.2023 16:15:09
  • Zuletzt bearbeitet 21.11.2024 07:56:58

An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.

9.8

CVE-2023-29381

  • EPSS 1.4%
  • Veröffentlicht 06.07.2023 16:15:09
  • Zuletzt bearbeitet 21.11.2024 07:56:57

An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters.

7.8

CVE-2023-24032

  • EPSS 0.07%
  • Veröffentlicht 15.06.2023 21:15:09
  • Zuletzt bearbeitet 21.11.2024 07:47:17

In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).

6.1

CVE-2023-24031

  • EPSS 0.36%
  • Veröffentlicht 15.06.2023 21:15:09
  • Zuletzt bearbeitet 21.11.2024 07:47:17

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. XSS can occur, via one of attributes of the webmail /h/ endpoint, to execute arbitrary JavaScript code, leading to information disclosure.

6.1

CVE-2023-24030

  • EPSS 0.11%
  • Veröffentlicht 15.06.2023 21:15:09
  • Zuletzt bearbeitet 21.11.2024 07:47:17

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the tok...

6.1

CVE-2022-45913

  • EPSS 0.45%
  • Veröffentlicht 06.01.2023 23:15:09
  • Zuletzt bearbeitet 09.04.2025 21:15:43

An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via one of attributes in webmail URLs to execute arbitrary JavaScript code, leading to information disclosure.

6.1

CVE-2022-45911

  • EPSS 0.45%
  • Veröffentlicht 06.01.2023 23:15:09
  • Zuletzt bearbeitet 09.04.2025 21:15:42

An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur on the Classic UI login page by injecting arbitrary JavaScript code in the username field. This occurs before the user logs into the system, which means that even if the attacke...

7.2

CVE-2022-45912

  • EPSS 2.06%
  • Veröffentlicht 05.12.2022 22:15:11
  • Zuletzt bearbeitet 24.04.2025 14:15:44

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse...

6.1

CVE-2022-41351

  • EPSS 0.66%
  • Veröffentlicht 12.10.2022 20:15:11
  • Zuletzt bearbeitet 15.05.2025 15:16:04

In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string (instead of default value of 10).