Zimbra Security Advisories: Difference between revisions
(→Zimbra Collaboration - Security Vulnerability Advisories: add info on CVE-2015-6541 CSRF / CWE-352) |
(bug 108265 CVSSv2 scoring should be 4.3) |
(28 intermediate revisions by 2 users not shown) | |||
Line 25: | Line 25: | ||
<tr> | <tr> | ||
<td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=108786 108786]</td> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id= | <td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id= | <td>CVE-2018-6882</td> | ||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | |||
<td>Minor</td> | |||
<td>''8.7 Patch 1 (est.)''<br/>''8.8.7 (est.)''</td> | |||
<td>Stephan Kaag of Securify</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=108265 108265]</td> | |||
<td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2017-17703 CVE-2017-17703]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | |||
<td>Minor</td> | |||
<td>8.6.0 Patch 9<br/>''8.7 Patch 1 (est)''<br/>8.8.3</td> | |||
<td>Veit Hailperin</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=107963 107963]</td> | |||
<td>Host header injection [https://cwe.mitre.org/data/definitions/20.html CWE-20]</td> | |||
<td>-</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | |||
<td>Minor</td> | |||
<td>8.8.0 Beta2</td> | |||
<td>-</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=107948 107948] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=107949 107949] | |||
</td> | </td> | ||
<td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td>-</td> | <td>-</td> | ||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | |||
<td>Minor</td> | |||
<td>8.8.0 Beta2</td> | |||
<td>Lucideus & Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=107925 107925]</td> | |||
<td>Persistent XSS - snippet [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2017-8802 CVE-2017-8802]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | |||
<td>Minor</td> | |||
<td>8.6.0 Patch9<br/>''8.7 Patch 1 (est)''<br/>8.8.0 Beta2</td> | |||
<td>Compass Security</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=107878 107878]</td> | |||
<td>Persistent XSS - location [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2017-8783 CVE-2017-8783]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:L/Au:S/C:N/I:P/A:N) 4.0]</td> | |||
<td>Minor</td> | |||
<td>8.7.10</td> | |||
<td>Stephan Kaag of Securify</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=107712 107712]</td> | |||
<td>Improper limitation of file paths [https://cwe.mitre.org/data/definitions/22.html CWE-22]</td> | |||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2017-6821 CVE-2017-6821]</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:S/C:N/I:P/A:N) 4.0]</td> | |||
<td>Minor</td> | |||
<td>8.7.6</td> | |||
<td>Greg Solovyev, Phil Pearl</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=107684 107684]</td> | |||
<td>Improper handling of privileges [https://cwe.mitre.org/data/definitions/280.html CWE-280]</td> | |||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2017-6813 CVE-2017-6813]</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:S/C:N/I:P/A:N) 4.0]</td> | |||
<td>Major</td> | |||
<td>8.7.6</td> | |||
<td>Greg Solovyev</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=106811 106811]</td> | |||
<td>Limited XXE [https://cwe.mitre.org/data/definitions/611.html CWE-611]</td> | |||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2016-9924 CVE-2016-9924]</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3]</td> | |||
<td>Minor</td> | |||
<td>8.7.4</td> | |||
<td>Alastair Gray</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=106612 106612]</td> | |||
<td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td>[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7288 CVE-2017-7288]</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | |||
<td>Minor</td> | |||
<td>8.7.1</td> | |||
<td>Sammy Forgit</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=105001 105001] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=105174 105174]</td> | |||
<td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td>CVE-2016-5721</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:S/C:N/I:P/A:N) 2.1]</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Secu</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104552 104552] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104703 104703]</td> | |||
<td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td>CVE-2016-3999</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Nam Habach</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104477 104477]</td> | |||
<td><!-- [http://cwe.mitre.org/data/definitions/601.html CWE-601] -->-</td> | |||
<td>CVE-2016-4019</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104294 104294] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104456 104456]</td> | |||
<td>CSRF [http://cwe.mitre.org/data/definitions/352.html CWE-352]</td> | |||
<td>CVE-2016-3406</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6]</td> | |||
<td>Minor</td> | |||
<td>8.6.0 Patch8 <br /> 8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104222 104222] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104910 104910] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=105071 105071] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=105175 105175]</td> | |||
<td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td>CVE-2016-3407</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:S/C:N/I:P/A:N) 2.1]</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103997 103997] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104413 104413] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104414 104414] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104777 104777] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104791 104791]</td> | |||
<td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td>CVE-2016-3412</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5]</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103996 103996]</td> | |||
<td><!-- [http://cwe.mitre.org/data/definitions/611.html CWE-611] -->-</td> | |||
<td>CVE-2016-3413</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6]</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103961 103961] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104828 104828]</td> | |||
<td>CSRF [http://cwe.mitre.org/data/definitions/352.html CWE-352]</td> | |||
<td>CVE-2016-3405</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | |||
<td>Minor</td> | |||
<td>8.6.0 Patch8 <br /> 8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103959 103959]</td> | |||
<td>CSRF [http://cwe.mitre.org/data/definitions/352.html CWE-352]</td> | |||
<td>CVE-2016-3404</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | |||
<td>Minor</td> | |||
<td>8.6.0 Patch8 <br /> 8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103956 103956] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=103995 103995] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104475 104475] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104838 104838] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104839 104839]</td> | |||
<td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td>CVE-2016-3410</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103609 103609]</td> | |||
<td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td>CVE-2016-3411</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102637 102637]</td> | |||
<td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td>CVE-2016-3409</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Peter Nguyen</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102276 102276]</td> | |||
<td>[https://cwe.mitre.org/data/definitions/502.html CWE-502]</td> | |||
<td>CVE-2016-3415</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8]</td> | |||
<td>Major</td> | |||
<td>8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102227 102227]</td> | |||
<td>[https://cwe.mitre.org/data/definitions/502.html CWE-502]</td> | |||
<td>n/a</td> | |||
<td>7.5</td> | |||
<td>Major</td> | |||
<td>8.7.0</td> | |||
<td>Upstream, see <br /> CVE-2015-4852</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102029 102029]</td> | |||
<td>[https://cwe.mitre.org/data/definitions/674.html CWE-674]</td> | |||
<td>CVE-2016-3414</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:S/C:N/I:N/A:P) 4.0]</td> | |||
<td>Minor</td> | |||
<td>8.6.0 Patch7 <br /> 8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=101813 101813]</td> | |||
<td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td>CVE-2016-3408</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Volexity</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=100885 100885] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=100899 100899]</td> | |||
<td>CSRF [http://cwe.mitre.org/data/definitions/352.html CWE-352]</td> | |||
<td>[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3403 CVE-2016-3403]</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8]</td> | |||
<td>Major</td> | |||
<td>8.6.0 Patch8 <br /> 8.7.0</td> | |||
<td>Sysdream</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99810 99810]</td> | |||
<td><!-- [http://cwe.mitre.org/data/definitions/284.html CWE-284] [http://cwe.mitre.org/data/definitions/203.html CWE-203] -->-</td> | |||
<td>CVE-2016-3401</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99167 99167]</td> | |||
<td><!-- [http://cwe.mitre.org/data/definitions/203.html CWE-203] -->-</td> | |||
<td>CVE-2016-3402</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6]</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=101435 101435] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=101436 101436]</td> | |||
<td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td>CVE-2015-7609</td> | <td>CVE-2015-7609</td> | ||
<td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4]<br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.3]</td> | ||
6.4<br /> | |||
(2.3 | |||
</td> | |||
<td>Major</td> | <td>Major</td> | ||
<td>8.6.0 Patch5</td> | <td>8.6.0 Patch5 <br /> 8.7.0</td> | ||
<td> | <td>Fortinet's FortiGuard Labs</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=101559 101559] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=100133 100133] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=99854 99854] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=99914 99914] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=96973 96973]</td> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=101559 101559] | <td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=100133 100133] | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=99854 99854] | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=99914 99914] | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=96973 96973] | |||
</td> | |||
<td>-</td> | |||
<td>CVE-2015-2249</td> | <td>CVE-2015-2249</td> | ||
<td>3.5</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.6.0 Patch5</td> | <td>8.6.0 Patch5 <br /> 8.7.0</td> | ||
<td> | <td>Zimbra</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99236 99236]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99236 99236]</td> | ||
<td> | <td>XSS Vuln in YUI components in ZCS</td> | ||
<td | <td>n/a</td> | ||
<td>4.3</td> | <td>4.3</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.6.0 Patch5</td> | <td>8.6.0 Patch5</td> | ||
<td>-</td> | <td style="white-space:nowrap">Upstream, see <br /> CVE-2012-5881 <br /> CVE-2012-5882 <br /> CVE-2012-5883</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=98358 98358] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=98216 98216] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=98215 98215]</td> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=98358 98358] | <td>Non-Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=98216 98216] | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=98215 98215] | |||
</td> | |||
<td>Non-Persistent XSS [CWE-79]</td> | |||
<td>CVE-2015-2249</td> | <td>CVE-2015-2249</td> | ||
<td>4.3</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.6.0 Patch2</td> | <td>8.6.0 Patch2 <br /> 8.7.0</td> | ||
<td> | <td>Cure53</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=97625 97625]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=97625 97625]</td> | ||
<td> | <td>Non-Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2015-2230</td> | <td>CVE-2015-2230</td> | ||
<td>3.5</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.6.0 Patch2</td> | <td>8.6.0 Patch2</td> | ||
<td> | <td>MWR InfoSecurity</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=96105 96105]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=96105 96105]</td> | ||
<td>Improper Input Validation [CWE-20]</td> | <td>Improper Input Validation [https://cwe.mitre.org/data/definitions/20.html CWE-20]</td> | ||
<td>CVE-2014-8563</td> | <td>CVE-2014-8563</td> | ||
<td>5.8</td> | <td>[http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td> | <td>8.0.9 <br /> 8.5.1<br /> 8.6.0</td> | ||
8.0.9<br /> | <td> -</td> | ||
8.5.1<br /> | |||
8.6.0 | |||
</td> | |||
<td>-</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=83547 83547]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=83547 83547]</td> | ||
<td>CSRF Vulnerability [CWE-352]</td> | <td>CSRF Vulnerability [https://cwe.mitre.org/data/definitions/352.html CWE-352]</td> | ||
<td>CVE-2015-6541</td> | <td>CVE-2015-6541</td> | ||
<td>5.8</td> | <td>[http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.5.0</td> | <td>8.5.0</td> | ||
<td> | <td>iSEC Partners, Sysdream</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=87412 87412] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=92825 92825] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=92833 92833] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=92835 92835]</td> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=87412 87412] | <td>XSS Vulnerabilities [https://cwe.mitre.org/data/definitions/79.html CWE-79] <br /> (8.0.7 Patch <br /> contains [https://bugzilla.zimbra.com/show_bug.cgi?id=87412 87412])</td> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=92825 92825] | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=92833 92833] | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=92835 92835] | |||
</td> | |||
<td> | |||
XSS Vulnerabilities [CWE-79]<br /> | |||
(8.0.7 Patch<br /> | |||
contains [https://bugzilla.zimbra.com/show_bug.cgi?id=87412 87412]) | |||
</td> | |||
<td>CVE-2014-5500</td> | <td>CVE-2014-5500</td> | ||
<td>4.3</td> | <td>[http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td> | <td>8.0.8 <br /> 8.5.0</td> | ||
8.0.8<br /> | <td> -</td> | ||
8.5.0 | |||
</td> | |||
<td>-</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=83550 83550]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=83550 83550]</td> | ||
<td>CWE-384 | <td>Session Fixation [https://cwe.mitre.org/data/definitions/384.html CWE-384]</td> | ||
<td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5119 CVE-2013-5119]</td> | <td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5119 CVE-2013-5119]</td> | ||
<td>5.8</td> | <td>[http://nvd.nist.gov/cvss.cfm?version=2&vector=(AV:N/AC:M/AU:N/C:P/I:P/A:N) 5.8]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.5.0</td> | <td>8.5.0</td> | ||
<td>-</td> | <td>- </td> | ||
</tr> | </tr> | ||
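Review bot: In the CVE-2015-7609 row (bugs 101435/101436), the second CVSS link is labelled 2.3 but carries the vector (AV:N/AC:H/Au:N/C:N/I:P/A:N), which the CVE-2016-3406 and CVE-2016-3413 rows of this same table score as 2.6; correct the label or the vector so the two agree. Separately, CVE-2015-2249 is listed against both the 101559 group (fixed in 8.6.0 Patch5) and the 98358 group (fixed in 8.6.0 Patch2), so confirm that both rows really share one CVE. The new 108786 row also leaves CVE-2018-6882 as plain text while the 108265 row below it links to NVD.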
Line 149: | Line 412: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=91484 91484]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=91484 91484]</td> | ||
<td>Patch ZCS8 OpenSSL for CVE-2014-0224</td> | <td>Patch ZCS8 OpenSSL for CVE-2014-0224</td> | ||
<td | <td>n/a</td> | ||
<td>6.8</td> | <td>6.8</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td style="white-space:nowrap"> | <td style="white-space:nowrap"> | ||
8.0.3+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch]<br /> 8.0.4+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch]<br /> 8.0.5+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch]<br /> 8.0.6+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch]<br /> 8.0.7+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch]< | 8.0.3+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.4+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.5+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.6+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.7+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch]</td> | ||
< | <td style="white-space:nowrap">Upstream, see <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224 CVE-2014-0224]</td> | ||
< | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=88708 88708]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=88708 88708]</td> | ||
<td>Patch ZCS8 OpenSSL for CVE-2014-0160</td> | <td>Patch ZCS8 OpenSSL for CVE-2014-0160</td> | ||
<td> | <td>n/a</td> | ||
<td>5.0</td> | <td>5.0</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td style="white-space:nowrap"> | <td style="white-space:nowrap"> | ||
[https:// | 8.0.3+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.4+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.5+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.6+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.7+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.7</td> | ||
[https:// | <td>Upstream, see <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160 CVE-2014-0160] </td> | ||
[https:// | |||
[https:// | |||
[https:// | |||
8.0.7 | |||
</td> | |||
<td>Upstream</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=85499 85499]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=85499 85499]</td> | ||
<td>Upgrade to OpenSSL 1.0.1f</td> | <td>Upgrade to OpenSSL 1.0.1f</td> | ||
<td> | <td>n/a</td> | ||
<td>4.3<br />4.3<br />5.8</td> | <td>4.3 <br /> 4.3 <br /> 5.8</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.0.7</td> | <td>8.0.7</td> | ||
<td>Upstream</td> | <td>Upstream, see <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4353 CVE-2013-4353] <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6449 CVE-2013-6449] <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6450 CVE-2013-6450]</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=84547 84547]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=84547 84547]</td> | ||
<td> | <td>XXE [https://cwe.mitre.org/data/definitions/611.html CWE-611]</td> | ||
<td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7217 CVE-2013-7217]</td> | <td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7217 CVE-2013-7217]</td> | ||
<td | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4] <br /> (not 10.0)</td> | ||
<td>Critical</td> | <td>Critical</td> | ||
<td>7.2.2_Patch3<br /> 7.2.3_Patch<br /> 7.2.4_Patch2<br /> 7.2.5_Patch<br /> 7.2.6<br /> 8.0.3_Patch3<br /> 8.0.4_Patch2<br /> 8.0.5_Patch<br /> 8.0.6</td> | <td>7.2.2_Patch3 <br /> 7.2.3_Patch <br /> 7.2.4_Patch2 <br /> 7.2.5_Patch <br /> 7.2.6 <br /> 8.0.3_Patch3 <br /> 8.0.4_Patch2 <br /> 8.0.5_Patch <br /> 8.0.6</td> | ||
<td>Private</td> | <td>Private</td> | ||
</tr> | </tr> | ||
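Review bot: In the 88708 row (Patch ZCS8 OpenSSL for CVE-2014-0160), every "Patch" link in the fix-version cell points at the forum announcement for CVE-2014-0224 (the 73677 ... ccs-injection-vulnerability URL), the same target used in the 91484 row above it. If a separate announcement exists for CVE-2014-0160, link to that instead; otherwise add a short remark in the cell so readers do not take it for a copy-paste error. The 84547 row also adds "(not 10.0)" beside the 6.4 score without saying which source reported 10.0.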
Line 198: | Line 454: | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.0.7</td> | <td>8.0.7</td> | ||
<td style="white-space:nowrap"> | <td style="white-space:nowrap">Alban Diquet <br /> of iSEC Partners</td> | ||
Alban Diquet<br /> of iSEC Partners | |||
</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 214: | Line 468: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=85000 85000]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=85000 85000]</td> | ||
<td>Patch nginx for CVE-2013-4547</td> | <td>Patch nginx for CVE-2013-4547</td> | ||
<td> | <td>n/a</td> | ||
<td>7.5</td> | <td>7.5</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>7.2.7<br /> 8.0.7</td> | <td>7.2.7 <br /> 8.0.7</td> | ||
<td>Upstream</td> | <td>Upstream, see <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4547 CVE-2013-4547]</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td style="white-space:nowrap"> | <td style="white-space:nowrap"> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=80450 80450]<br /> | [https://bugzilla.zimbra.com/show_bug.cgi?id=80450 80450] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=80131 80131] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=80445 80445] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=80132 80132] | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=80131 80131]<br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=80445 80445]<br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=80132 80132] | |||
</td> | </td> | ||
<td style="white-space:nowrap"> | <td style="white-space:nowrap"> | ||
Upgrade to JDK 1.6 u41<br /> | Upgrade to JDK 1.6 u41 <br /> Upgrade OpenSSL to 1.0.0k<br /> Upgrade to JDK 1.7u15+<br /> Upgrade to OpenSSL 1.0.1d</td> | ||
Upgrade OpenSSL to 1.0.0k<br /> | <td>n/a</td> | ||
Upgrade to JDK 1.7u15+<br /> | |||
Upgrade to OpenSSL 1.0.1d | |||
</td> | |||
<td> | |||
<td>2.6</td> | <td>2.6</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>7.2.3<br /> 7.2.3<br /> 8.0.3<br /> 8.0.3</td> | <td>7.2.3 <br /> 7.2.3 <br /> 8.0.3 <br /> 8.0.3</td> | ||
<td>Upstream</td> | <td>Upstream, see <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169 CVE-2013-0169]</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=80338 80338]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=80338 80338]</td> | ||
<td>Local file inclusion via skin/branding feature</td> | <td>Local file inclusion via skin/branding feature [http://cwe.mitre.org/data/definitions/22.html CWE-22]</td> | ||
<td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7091 CVE-2013-7091]</td> | <td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7091 CVE-2013-7091]</td> | ||
<td>5.0</td> | <td>[https://nvd.nist.gov/cvss/v2-calculator?name=CVE-2013-7091&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0]</td> | ||
<td>Critical</td> | <td>Critical</td> | ||
<td style="white-space:nowrap">6.0.16_Patch<br /> 7.1.1_Patch6<br /> 7.1.3_Patch3<br /> 7.2.2_Patch2<br /> 7.2.3<br /> 8.0.2_Patch<br /> 8.0.3</td> | <td style="white-space:nowrap">6.0.16_Patch <br /> 7.1.1_Patch6 <br /> 7.1.3_Patch3 <br /> 7.2.2_Patch2 <br /> 7.2.3 <br /> 8.0.2_Patch <br /> 8.0.3</td> | ||
<td>Private</td> | <td>Private</td> | ||
</tr> | </tr> | ||
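Review bot: The CWE-22 link added to the 80338 row uses http://cwe.mitre.org, while the CWE links added elsewhere in this revision (for example the CWE-22 link in the 107712 row) use https://; switch it to https for consistency. In the 80450 row, the reporter cell now cites only CVE-2013-0169 for four separate JDK and OpenSSL upgrades, so state whether that single CVE covers all four.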
Line 260: | Line 507: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=75424 75424]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=75424 75424]</td> | ||
<td>Upgrade to Clamav 0.97.5</td> | <td>Upgrade to Clamav 0.97.5</td> | ||
<td> | <td>n/a</td> | ||
<td>4.3 <br /> 4.3 <br /> 4.3</td> | |||
</td> | |||
<td>4.3<br />4.3<br />4.3</td> | |||
<td>Minor</td> | <td>Minor</td> | ||
<td>7.2.1</td> | <td>7.2.1</td> | ||
<td>Upstream</td> | <td>Upstream, see <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1457 CVE-2012-1457] <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1458 CVE-2012-1458] <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1459 CVE-2012-1459]</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 274: | Line 519: | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>7.1.3_Patch<br />7.1.4</td> | <td>7.1.3_Patch <br /> 7.1.4</td> | ||
<td>Private</td> | <td>Private</td> | ||
</tr> | </tr> | ||
Line 283: | Line 528: | ||
<div class="tile zimbrared"> | <div class="tile zimbrared"> | ||
<h4>Try Zimbra</h4> | <h4>Try Zimbra</h4> | ||
<p class="text-justify"><i class="fa fa-cloud-download fa-3x pull-left"></i> Try now Zimbra Collaboration without any cost with the 60-day free Trial. <br />[https://www.zimbra.com/try/secure-collaboration-software-free-trial <span style="color:white">'''Get it now »'''</span>]</p> | <p class="text-justify"><i class="fa fa-cloud-download fa-3x pull-left"></i> Try now Zimbra Collaboration without any cost with the 60-day free Trial. <br /> [https://www.zimbra.com/try/secure-collaboration-software-free-trial <span style="color:white">'''Get it now »'''</span>]</p> | ||
</div> | </div> | ||
<div class="tile zimbraorange"> | <div class="tile zimbraorange"> | ||
<h4>Want to get involved?</h4> | <h4>Want to get involved?</h4> | ||
<p class="text-justify">You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets. <br />'''Find out more. »'''</p> | <p class="text-justify">You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets. <br /> '''Find out more. »'''</p> | ||
</div> | </div> | ||
<div class="tile zimbrablue"> | <div class="tile zimbrablue"> | ||
<h4>Other Help Resources</h4> | <h4>Other Help Resources</h4> | ||
<p><i class="fa fa-users"></i> [https://help.zimbra.com <span style="color:white">Visit the User Help Page »</span>]<br /><i class="fa fa-comments"></i> [https://community.zimbra.com/collaboration/ <span style="color:white">Visit the Official Forums »</span>]<br/><i class="fa fa-book"></i> [https://zimbra.com/documentation <span style="color:white">Zimbra Documentation Page »</span>]</p> | <p><i class="fa fa-users"></i> [https://help.zimbra.com <span style="color:white">Visit the User Help Page »</span>] <br /> <i class="fa fa-comments"></i> [https://community.zimbra.com/collaboration/ <span style="color:white">Visit the Official Forums »</span>] <br/> <i class="fa fa-book"></i> [https://zimbra.com/documentation <span style="color:white">Zimbra Documentation Page »</span>]</p> | ||
</div> | </div> | ||
<div class="tile zimbragrey"> | <div class="tile zimbragrey"> | ||
<h4>Looking for a Video?</h4> | <h4>Looking for a Video?</h4> | ||
<p class="text-justify"><i class="fa fa-youtube fa-3x pull-left"></i> Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more. <br />[https://www.youtube.com/channel/UCcB648SoNlCNvyIh4arcTGg <span style="color:white">'''Go to the YouTube Channel »'''</span>]</p> | <p class="text-justify"><i class="fa fa-youtube fa-3x pull-left"></i> Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more. <br /> [https://www.youtube.com/channel/UCcB648SoNlCNvyIh4arcTGg <span style="color:white">'''Go to the YouTube Channel »'''</span>]</p> | ||
</div> | </div> | ||
</div> | </div> | ||
</div> | </div> | ||
<br /> | <br /> |
Revision as of 22:33, 12 February 2018
Zimbra Security Advisories
Overview
The following Security Vulnerabilities have been fixed and released in recent versions of Zimbra Collaboration software. For the latest release and patches, please be sure to update your Zimbra Collaboration servers with the software available on our Download pages:
- Zimbra Collaboration - Network Edition: https://www.zimbra.com/downloads/ne-downloads.html
- Zimbra Collaboration - Open-Source Edition: https://www.zimbra.com/downloads/os-downloads.html
Zimbra Collaboration - Security Vulnerability Advisories
(going back to ZCS 7.1.3)
Bug# | Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Release or Patch Version | Reporter |
---|---|---|---|---|---|---|
108786 | Persistent XSS CWE-79 | CVE-2018-6882 | 4.3 | Minor | 8.7 Patch 1 (est.) 8.8.7 (est.) | Stephan Kaag of Securify |
108265 | Persistent XSS CWE-79 | CVE-2017-17703 | 4.3 | Minor | 8.6.0 Patch 9 8.7 Patch 1 (est) 8.8.3 | Veit Hailperin |
107963 | Host header injection CWE-20 | - | 4.3 | Minor | 8.8.0 Beta2 | - |
107948 | Persistent XSS CWE-79 | - | 3.5 | Minor | 8.8.0 Beta2 | Lucideus & Zimbra |
107925 | Persistent XSS - snippet CWE-79 | CVE-2017-8802 | 3.5 | Minor | 8.6.0 Patch9 8.7 Patch 1 (est) 8.8.0 Beta2 | Compass Security |
107878 | Persistent XSS - location CWE-79 | CVE-2017-8783 | 4.0 | Minor | 8.7.10 | Stephan Kaag of Securify |
107712 | Improper limitation of file paths CWE-22 | CVE-2017-6821 | 4.0 | Minor | 8.7.6 | Greg Solovyev, Phil Pearl |
107684 | Improper handling of privileges CWE-280 | CVE-2017-6813 | 4.0 | Major | 8.7.6 | Greg Solovyev |
106811 | Limited XXE CWE-611 | CVE-2016-9924 | 4.3 | Minor | 8.7.4 | Alastair Gray |
106612 | Persistent XSS CWE-79 | CVE-2017-7288 | 4.3 | Minor | 8.7.1 | Sammy Forgit |
105001 105174 | XSS CWE-79 | CVE-2016-5721 | 4.3 2.1 | Minor | 8.7.0 | Secu |
104552 104703 | XSS CWE-79 | CVE-2016-3999 | 4.3 | Minor | 8.7.0 | Nam Habach |
104477 | - | CVE-2016-4019 | 4.3 | Minor | 8.7.0 | Zimbra |
104294 104456 | CSRF CWE-352 | CVE-2016-3406 | 2.6 | Minor | 8.6.0 Patch8 8.7.0 | Zimbra |
104222 104910 105071 105175 | XSS CWE-79 | CVE-2016-3407 | 4.3 3.5 4.3 2.1 | Minor | 8.7.0 | Zimbra |
103997 104413 104414 104777 104791 | XSS CWE-79 | CVE-2016-3412 | 3.5 | Minor | 8.7.0 | Zimbra |
103996 | - | CVE-2016-3413 | 2.6 | Minor | 8.7.0 | Zimbra |
103961 104828 | CSRF CWE-352 | CVE-2016-3405 | 4.3 | Minor | 8.6.0 Patch8 8.7.0 | Zimbra |
103959 | CSRF CWE-352 | CVE-2016-3404 | 4.3 | Minor | 8.6.0 Patch8 8.7.0 | Zimbra |
103956 103995 104475 104838 104839 | XSS CWE-79 | CVE-2016-3410 | 4.3 | Minor | 8.7.0 | Zimbra |
103609 | XSS CWE-79 | CVE-2016-3411 | 3.5 | Minor | 8.7.0 | Zimbra |
102637 | XSS CWE-79 | CVE-2016-3409 | 4.3 | Minor | 8.7.0 | Peter Nguyen |
102276 | CWE-502 | CVE-2016-3415 | 5.8 | Major | 8.7.0 | Zimbra |
102227 | CWE-502 | n/a | 7.5 | Major | 8.7.0 | Upstream, see CVE-2015-4852 |
102029 | CWE-674 | CVE-2016-3414 | 4.0 | Minor | 8.6.0 Patch7 8.7.0 | Zimbra |
101813 | XSS CWE-79 | CVE-2016-3408 | 4.3 | Minor | 8.7.0 | Volexity |
100885 100899 | CSRF CWE-352 | CVE-2016-3403 | 5.8 | Major | 8.6.0 Patch8 8.7.0 | Sysdream |
99810 | - | CVE-2016-3401 | 3.5 | Minor | 8.7.0 | Zimbra |
99167 | - | CVE-2016-3402 | 2.6 | Minor | 8.7.0 | Zimbra |
101435 101436 | Persistent XSS CWE-79 | CVE-2015-7609 | 6.4 2.3 | Major | 8.6.0 Patch5 8.7.0 | Fortinet's FortiGuard Labs |
101559 100133 99854 99914 96973 | XSS CWE-79 | CVE-2015-2249 | 3.5 | Minor | 8.6.0 Patch5 8.7.0 | Zimbra |
99236 | XSS Vuln in YUI components in ZCS | n/a | 4.3 | Minor | 8.6.0 Patch5 | Upstream, see CVE-2012-5881 CVE-2012-5882 CVE-2012-5883 |
98358 98216 98215 | Non-Persistent XSS CWE-79 | CVE-2015-2249 | 4.3 | Minor | 8.6.0 Patch2 8.7.0 | Cure53 |
97625 | Non-Persistent XSS CWE-79 | CVE-2015-2230 | 3.5 | Minor | 8.6.0 Patch2 | MWR InfoSecurity |
96105 | Improper Input Validation CWE-20 | CVE-2014-8563 | 5.8 | Major | 8.0.9 8.5.1 8.6.0 | - |
83547 | CSRF Vulnerability CWE-352 | CVE-2015-6541 | 5.8 | Major | 8.5.0 | iSEC Partners, Sysdream |
87412 92825 92833 92835 | XSS Vulnerabilities CWE-79 (8.0.7 Patch contains 87412) | CVE-2014-5500 | 4.3 | Minor | 8.0.8 8.5.0 | - |
83550 | Session Fixation CWE-384 | CVE-2013-5119 | 5.8 | Major | 8.5.0 | - |
91484 | Patch ZCS8 OpenSSL for CVE-2014-0224 | n/a | 6.8 | Major | 8.0.3+Patch 8.0.4+Patch 8.0.5+Patch 8.0.6+Patch 8.0.7+Patch | Upstream, see CVE-2014-0224 |
88708 | Patch ZCS8 OpenSSL for CVE-2014-0160 | n/a | 5.0 | Major | 8.0.3+Patch 8.0.4+Patch 8.0.5+Patch 8.0.6+Patch 8.0.7+Patch 8.0.7 | Upstream, see CVE-2014-0160 |
85499 | Upgrade to OpenSSL 1.0.1f | n/a | 4.3 4.3 5.8 | Major | 8.0.7 | Upstream, see CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 |
84547 | XXE CWE-611 | CVE-2013-7217 | 6.4 (not 10.0) | Critical | 7.2.2_Patch3 7.2.3_Patch 7.2.4_Patch2 7.2.5_Patch 7.2.6 8.0.3_Patch3 8.0.4_Patch2 8.0.5_Patch 8.0.6 | Private |
85478 | XSS vulnerability in message view | - | 6.4 | Major | 8.0.7 | Alban Diquet of iSEC Partners |
85411 | Local root privilege escalation | - | 6.2 | Major | 8.0.7 | Matthew David |
85000 | Patch nginx for CVE-2013-4547 | n/a | 7.5 | Major | 7.2.7 8.0.7 | Upstream, see CVE-2013-4547 |
| Upgrade to JDK 1.6 u41 Upgrade OpenSSL to 1.0.0k Upgrade to JDK 1.7u15+ Upgrade to OpenSSL 1.0.1d | n/a | 2.6 | Minor | 7.2.3 7.2.3 8.0.3 8.0.3 | Upstream, see CVE-2013-0169 |
80338 | Local file inclusion via skin/branding feature CWE-22 | CVE-2013-7091 | 5.0 | Critical | 6.0.16_Patch 7.1.1_Patch6 7.1.3_Patch3 7.2.2_Patch2 7.2.3 8.0.2_Patch 8.0.3 | Private |
77655 | Separate keystore for CAs used for X509 authentication | - | 5.8 | Major | 8.0.7 | Private |
75424 | Upgrade to Clamav 0.97.5 | n/a | 4.3 4.3 4.3 | Minor | 7.2.1 | Upstream, see CVE-2012-1457 CVE-2012-1458 CVE-2012-1459 |
64981 | Do not allow HTTP GET for login | - | 6.8 | Major | 7.1.3_Patch 7.1.4 | Private |