Zimbra Security Advisories: Difference between revisions
(add 109020, CVE tbd) |
(added Khanh Viet Pham to CVE-2019-9670) |
||
(16 intermediate revisions by the same user not shown) | |||
Line 11: | Line 11: | ||
</ul> | </ul> | ||
===Zimbra Collaboration - Security Vulnerability Advisories=== | ===Zimbra Collaboration - Security Vulnerability Advisories=== | ||
<p>< | <p> <b>Note</b>: <u>only supported versions are referenced</u>, however older unsupported versions often have the same vulnerabilities and should be upgraded to supported versions as soon as possible. <br /> <em>(going back to ZCS 7.1.3)</em></p> | ||
<div class="col-md-12"> | <div class="col-md-12"> | ||
<table class="table table-striped table-condensed"> | <table class="table table-striped table-condensed"> | ||
Line 22: | Line 22: | ||
<th style="text-align: center; background-color: #f15922;"><span style="color: #ffffff;">Fix Release or <br />Patch Version</span></th> | <th style="text-align: center; background-color: #f15922;"><span style="color: #ffffff;">Fix Release or <br />Patch Version</span></th> | ||
<th style="background-color: #f15922;"><span style="color: #ffffff;">Reporter</span></th> | <th style="background-color: #f15922;"><span style="color: #ffffff;">Reporter</span></th> | ||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109127 109127]</td> | |||
<td>SSRF [https://cwe.mitre.org/data/definitions/918.html CWE-918] / [https://cwe.mitre.org/data/definitions/807.html CWE-807]</td> | |||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2019-9621 CVE-2019-9621]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:L/Au:S/C:P/I:N/A:N) 4.0]</td> | |||
<td>Minor</td> | |||
<td> - </td> | |||
<td>An Trinh</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109124 109124]</td> | |||
<td>Non-Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2019-8947 CVE-2019-8947]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6]</td> | |||
<td>Minor</td> | |||
<td> - </td> | |||
<td>Issam Rabhi of Sysdream</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109123 109123]</td> | |||
<td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2019-8946 CVE-2019-8946]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6]</td> | |||
<td>Minor</td> | |||
<td> - </td> | |||
<td>Issam Rabhi of Sysdream</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109122 109122]</td> | |||
<td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2019-8945 CVE-2019-8945]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5]</td> | |||
<td>Minor</td> | |||
<td> - </td> | |||
<td>Issam Rabhi of Sysdream</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109117 109117]</td> | |||
<td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td> - <!-- [https://nvd.nist.gov/vuln/detail/CVE-2019-xxxx CVE-2019-xxxx] --> </td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | |||
<td>Minor</td> | |||
<td> - </td> | |||
<td>Mondher Smii</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109096 109096]</td> | |||
<td>Blind SSRF [https://cwe.mitre.org/data/definitions/918.html CWE-918]</td> | |||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2019-6981 CVE-2019-6981]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:L/Au:S/C:P/I:N/A:N) 4.0]</td> | |||
<td>Minor</td> | |||
<td> - </td> | |||
<td>An Trinh</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109129 109129]</td> | |||
<td>XXE [https://cwe.mitre.org/data/definitions/611.html CWE-611] <br />(8.7.x only)</td> | |||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2019-9670 CVE-2019-9670]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4]</td> | |||
<td>Major</td> | |||
<td>8.7.11 Patch10</td> | |||
<td>Khanh Viet Pham <br /> An Trinh</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109097 109097]</td> | |||
<td>Insecure object deserialization [https://cwe.mitre.org/data/definitions/502.html CWE-502]</td> | |||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2019-6980 CVE-2019-6980]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:A/AC:M/Au:N/C:P/I:P/A:P) 5.4]</td> | |||
<td>Major</td> | |||
<td>8.7.11 Patch9 <br /> 8.8.10 Patch7 <br /> 8.8.11 Patch3</td> | |||
<td>An Trinh</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109093 109093]</td> | |||
<td>XXE [https://cwe.mitre.org/data/definitions/611.html CWE-611]</td> | |||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2018-20160 CVE-2018-20160]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4]</td> | |||
<td>Major</td> | |||
<td>8.7.x see [https://bugzilla.zimbra.com/show_bug.cgi?id=109129 109129] above <br /> 8.8.9 Patch9 <br /> 8.8.10 Patch5 <br /> 8.8.11 Patch1</td> | |||
<td>An Trinh</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109017 109017]</td> | |||
<td>Non-Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2018-14013 CVE-2018-14013]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | |||
<td>Minor</td> | |||
<td>8.7.11 Patch8 <br /> 8.8.9 Patch9 <br /> 8.8.10 Patch5 <br /> 8.8.11 </td> | |||
<td>Issam Rabhi of Sysdream</td> | |||
</tr> | </tr> | ||
Line 27: | Line 127: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109020 109020]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109020 109020]</td> | ||
<td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2018-18631 CVE-2018-18631]</td> | ||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0]</td> | <td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td | <td>8.7.11 Patch7 <br /> 8.8.9 Patch7 <br /> 8.8.10 Patch2</td> | ||
<td>Netragard</td> | <td>Netragard</td> | ||
</tr> | </tr> | ||
Line 36: | Line 136: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109018 109018]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109018 109018]</td> | ||
<td> | <td>Non-Persistent [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2018-14013 CVE-2018-14013]</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2018-14013 CVE-2018-14013]</td> | ||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6]</td> | <td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.8.9 Patch6 <br /> 8.8.10 Patch1</td> | <td>8.7.11 Patch7 <br /> 8.8.9 Patch6 <br /> 8.8.10 Patch1</td> | ||
<td>Issam Rabhi of Sysdream</td> | <td>Issam Rabhi of Sysdream</td> | ||
</tr> | </tr> | ||
Line 46: | Line 146: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109021 109021]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109021 109021]</td> | ||
<td> | <td>Limited Content Spoofing [https://cwe.mitre.org/data/definitions/345.html CWE-345]</td> | ||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2018-17938 CVE-2018-17938]</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2018-17938 CVE-2018-17938]</td> | ||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | <td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
Line 208: | Line 308: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=106811 106811]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=106811 106811]</td> | ||
<td> | <td>XXE [https://cwe.mitre.org/data/definitions/611.html CWE-611]</td> | ||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2016-9924 CVE-2016-9924]</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2016-9924 CVE-2016-9924]</td> | ||
<td>[https://nvd.nist.gov/cvss | <td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8]</td> | ||
<td> | <td>Major</td> | ||
<td>8.6.0 Patch10 <br /> 8.7.4</td> | <td>8.6.0 Patch10 <br /> 8.7.4</td> | ||
<td>Alastair Gray</td> | <td>Alastair Gray</td> | ||
Line 250: | Line 350: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104477 104477]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104477 104477]</td> | ||
<td> | <td>Open Redirect [https://cwe.mitre.org/data/definitions/601.html CWE-601]</td> | ||
<td>CVE-2016-4019</td> | <td>CVE-2016-4019</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
Line 298: | Line 398: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103996 103996]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103996 103996]</td> | ||
<td>[https://cwe.mitre.org/data/definitions/611.html CWE-611]-</td> | <td>XXE (Admin) [https://cwe.mitre.org/data/definitions/611.html CWE-611]-</td> | ||
<td>CVE-2016-3413</td> | <td>CVE-2016-3413</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6]</td> | ||
Line 363: | Line 463: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102276 102276]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102276 102276]</td> | ||
<td>[https://cwe.mitre.org/data/definitions/502.html CWE-502]</td> | <td>Deserialization of Untrusted Data [https://cwe.mitre.org/data/definitions/502.html CWE-502]</td> | ||
<td>CVE-2016-3415</td> | <td>CVE-2016-3415</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8]</td> | ||
Line 373: | Line 473: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102227 102227]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102227 102227]</td> | ||
<td>[https://cwe.mitre.org/data/definitions/502.html CWE-502]</td> | <td>Deserialization of Untrusted Data [https://cwe.mitre.org/data/definitions/502.html CWE-502]</td> | ||
<td>n/a</td> | <td>n/a</td> | ||
<td>7.5</td> | <td>7.5</td> | ||
Line 414: | Line 514: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99810 99810]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99810 99810]</td> | ||
<td> | <td>[https://cwe.mitre.org/data/definitions/284.html CWE-284] [https://cwe.mitre.org/data/definitions/203.html CWE-203]</td> | ||
<td>CVE-2016-3401</td> | <td>CVE-2016-3401</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | ||
Line 424: | Line 524: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99167 99167]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99167 99167]</td> | ||
<td> | <td>Account Enumeration [https://cwe.mitre.org/data/definitions/203.html CWE-203]</td> | ||
<td>CVE-2016-3402</td> | <td>CVE-2016-3402</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6]</td> |
Revision as of 03:16, 15 March 2019
Zimbra Security Advisories
Overview
The following Security Vulnerabilities have been fixed and released in recent versions of Zimbra Collaboration software. For the latest release and patches, please be sure to update your Zimbra Collaboration servers with the software available on our Download pages:
- Zimbra Collaboration - Network Edition: https://www.zimbra.com/downloads/ne-downloads.html
- Zimbra Collaboration - Open-Source Edition: https://www.zimbra.com/downloads/os-downloads.html
Zimbra Collaboration - Security Vulnerability Advisories
Note: only supported versions are referenced, however older unsupported versions often have the same vulnerabilities and should be upgraded to supported versions as soon as possible.
(going back to ZCS 7.1.3)
Bug# | Summary | CVE-ID | CVSS Score |
Zimbra Rating |
Fix Release or Patch Version |
Reporter |
---|---|---|---|---|---|---|
109127 | SSRF CWE-918 / CWE-807 | CVE-2019-9621 | 4.0 | Minor | - | An Trinh |
109124 | Non-Persistent XSS CWE-79 | CVE-2019-8947 | 2.6 | Minor | - | Issam Rabhi of Sysdream |
109123 | Persistent XSS CWE-79 | CVE-2019-8946 | 2.6 | Minor | - | Issam Rabhi of Sysdream |
109122 | Persistent XSS CWE-79 | CVE-2019-8945 | 3.5 | Minor | - | Issam Rabhi of Sysdream |
109117 | Persistent XSS CWE-79 | - | 3.5 | Minor | - | Mondher Smii |
109096 | Blind SSRF CWE-918 | CVE-2019-6981 | 4.0 | Minor | - | An Trinh |
109129 | XXE CWE-611 (8.7.x only) |
CVE-2019-9670 | 6.4 | Major | 8.7.11 Patch10 | Khanh Viet Pham An Trinh |
109097 | Insecure object deserialization CWE-502 | CVE-2019-6980 | 5.4 | Major | 8.7.11 Patch9 8.8.10 Patch7 8.8.11 Patch3 |
An Trinh |
109093 | XXE CWE-611 | CVE-2018-20160 | 6.4 | Major | 8.7.x see 109129 above 8.8.9 Patch9 8.8.10 Patch5 8.8.11 Patch1 |
An Trinh |
109017 | Non-Persistent XSS CWE-79 | CVE-2018-14013 | 4.3 | Minor | 8.7.11 Patch8 8.8.9 Patch9 8.8.10 Patch5 8.8.11 |
Issam Rabhi of Sysdream |
109020 | Persistent XSS CWE-79 | CVE-2018-18631 | 5.0 | Major | 8.7.11 Patch7 8.8.9 Patch7 8.8.10 Patch2 |
Netragard |
109018 | Non-Persistent CWE-79 | CVE-2018-14013 | 2.6 | Minor | 8.7.11 Patch7 8.8.9 Patch6 8.8.10 Patch1 |
Issam Rabhi of Sysdream |
109021 | Limited Content Spoofing CWE-345 | CVE-2018-17938 | 4.3 | Minor | 8.8.10 | Sumit Sahoo |
109012 | Account Enumeration CWE-203 | CVE-2018-15131 | 5.0 | Major | 8.7.11 Patch6 8.8.8 Patch9 8.8.9 Patch3 |
Danielle Deibler |
108970 | Persistent XSS CWE-79 | CVE-2018-14425 | 3.5 | Minor | 8.8.8 Patch7 8.8.9 Patch1 |
Diego Di Nardo |
108902 | Persistent XSS CWE-79 | CVE-2018-10939 | 3.5 | Minor | 8.6.0 Patch11 8.7.11 Patch4 8.8.8 Patch4 |
Diego Di Nardo |
108963 | Verbose Error Messages CWE-209 | CVE-2018-10950 | 3.5 | Minor | 8.7.11 Patch3 8.8.8 |
Netragard |
108962 | Account Enumeration CWE-203 | CVE-2018-10949 | 5.0 | Major | 8.7.11 Patch3 8.8.8 |
Netragard |
108894 | Persistent XSS CWE-199 | CVE-2018-10951 | 3.6 | Minor | 8.6.0 Patch10 8.7.11 Patch3 8.8.8 |
Netragard |
97579 | CSRF CWE-352 | CVE-2015-7610 | 5.8 | Major | 8.6.0 Patch10 8.7.11 Patch2 8.8.8 Patch1 |
Fortinet's FortiGuard Labs |
108786 | Persistent XSS CWE-79 | CVE-2018-6882 | 4.3 | Minor | 8.6.0 Patch10 8.7.11 Patch1 8.8.7 8.8.8 |
Stephan Kaag of Securify |
108265 | Persistent XSS CWE-79 | CVE-2017-17703 | 4.3 | Minor | 8.6.0 Patch9 8.7.11 Patch1 8.8.3 |
Veit Hailperin |
107963 | Host header injection CWE-20 | - | 4.3 | Minor | 8.8.0 Beta2 | - |
107948 |
Persistent XSS CWE-79 | CVE-2018-10948 | 3.5 | Minor | 8.6.0 Patch10 8.7.11 Patch3 8.8.0 Beta2 |
Lucideus Phil Pearl |
107925 | Persistent XSS - snippet CWE-79 | CVE-2017-8802 | 3.5 | Minor | 8.6.0 Patch9 8.7.11 Patch1 8.8.0 Beta2 |
Compass Security |
107878 | Persistent XSS - location CWE-79 | CVE-2017-8783 | 4.0 | Minor | 8.7.10 | Stephan Kaag of Securify |
107712 | Improper limitation of file paths CWE-22 | CVE-2017-6821 | 4.0 | Minor | 8.7.6 | Greg Solovyev, Phil Pearl |
107684 | Improper handling of privileges CWE-280 | CVE-2017-6813 | 4.0 | Major | 8.6.0 Patch9 8.7.6 |
Greg Solovyev |
106811 | XXE CWE-611 | CVE-2016-9924 | 5.8 | Major | 8.6.0 Patch10 8.7.4 |
Alastair Gray |
106612 | Persistent XSS CWE-79 | CVE-2017-7288 | 4.3 | Minor | 8.6.0 Patch11 8.7.1 |
Sammy Forgit |
105001 105174 |
XSS CWE-79 | CVE-2016-5721 | 4.3 2.1 |
Minor | 8.6.0 Patch11 8.7.0 |
Secu |
104552 104703 |
XSS CWE-79 | CVE-2016-3999 | 4.3 | Minor | 8.7.0 | Nam Habach |
104477 | Open Redirect CWE-601 | CVE-2016-4019 | 4.3 | Minor | 8.7.0 | Zimbra |
104294 104456 |
CSRF CWE-352 | CVE-2016-3406 | 2.6 | Minor | 8.6.0 Patch8 8.7.0 |
Zimbra |
104222 105175 |
XSS CWE-79 | CVE-2016-3407 | 4.3 3.5 4.3 2.1 |
Minor | 8.6.0 Patch11 8.7.0 |
Zimbra |
103997 104791 |
XSS CWE-79 | CVE-2016-3412 | 3.5 | Minor | 8.7.0 | Zimbra |
103996 | XXE (Admin) CWE-611- | CVE-2016-3413 | 2.6 | Minor | 8.6.0 Patch11 8.7.0 |
Zimbra |
103961 104828 |
CSRF CWE-352 | CVE-2016-3405 | 4.3 | Minor | 8.6.0 Patch8 8.7.0 |
Zimbra |
103959 | CSRF CWE-352 | CVE-2016-3404 | 4.3 | Minor | 8.6.0 Patch8 8.7.0 |
Zimbra |
103956 104839 |
XSS CWE-79 | CVE-2016-3410 | 4.3 | Minor | 8.6.0 Patch11 8.7.0 |
Zimbra |
103609 | XSS CWE-79 | CVE-2016-3411 | 3.5 | Minor | 8.6.0 Patch11 8.7.0 |
Zimbra |
102637 | XSS CWE-79 | CVE-2016-3409 | 4.3 | Minor | 8.6.0 Patch11 8.7.0 |
Peter Nguyen |
102276 | Deserialization of Untrusted Data CWE-502 | CVE-2016-3415 | 5.8 | Major | 8.7.0 | Zimbra |
102227 | Deserialization of Untrusted Data CWE-502 | n/a | 7.5 | Major | 8.7.0 | Upstream, see CVE-2015-4852 |
102029 | CWE-674 | CVE-2016-3414 | 4.0 | Minor | 8.6.0 Patch7 8.7.0 |
Zimbra |
101813 | XSS CWE-79 | CVE-2016-3408 | 4.3 | Minor | 8.6.0 Patch11 8.7.0 |
Volexity |
100885 100899 |
CSRF CWE-352 | CVE-2016-3403 | 5.8 | Major | 8.6.0 Patch8 8.7.0 |
Sysdream |
99810 | CWE-284 CWE-203 | CVE-2016-3401 | 3.5 | Minor | 8.7.0 | Zimbra |
99167 | Account Enumeration CWE-203 | CVE-2016-3402 | 2.6 | Minor | 8.7.0 | Zimbra |
101435 101436 |
Persistent XSS CWE-79 | CVE-2015-7609 | 6.4 2.3 |
Major | 8.6.0 Patch5 8.7.0 |
Fortinet's FortiGuard Labs |
101559 96973 |
XSS CWE-79 | CVE-2015-2249 | 3.5 | Minor | 8.6.0 Patch5 8.7.0 |
Zimbra |
99236 | XSS Vuln in YUI components in ZCS | n/a | 4.3 | Minor | 8.6.0 Patch5 | Upstream, see CVE-2012-5881 CVE-2012-5882 CVE-2012-5883 |
98358 98215 |
Non-Persistent XSS CWE-79 | CVE-2015-2249 | 4.3 | Minor | 8.6.0 Patch2 8.7.0 |
Cure53 |
97625 | Non-Persistent XSS CWE-79 | CVE-2015-2230 | 3.5 | Minor | 8.6.0 Patch2 | MWR InfoSecurity |
96105 | Improper Input Validation CWE-20 | CVE-2014-8563 | 5.8 | Major | 8.0.9 8.5.1 8.6.0 |
- |
83547 | CSRF Vulnerability CWE-352 | CVE-2015-6541 | 5.8 | Major | 8.5.0 | iSEC Partners, Sysdream |
87412 92835 |
XSS Vulnerabilities CWE-79 (8.0.7 Patch contains 87412) |
CVE-2014-5500 | 4.3 | Minor | 8.0.8 8.5.0 |
- |
83550 | Session Fixation CWE-384 | CVE-2013-5119 | 5.8 | Major | 8.5.0 | - |
91484 | Patch ZCS8 OpenSSL for CVE-2014-0224 | n/a | 6.8 | Major |
8.0.3+Patch 8.0.4+Patch 8.0.5+Patch 8.0.6+Patch 8.0.7+Patch |
Upstream, see CVE-2014-0224 |
88708 | Patch ZCS8 OpenSSL for CVE-2014-0160 | n/a | 5.0 | Major |
8.0.3+Patch 8.0.4+Patch 8.0.5+Patch 8.0.6+Patch 8.0.7+Patch 8.0.7 |
Upstream, see CVE-2014-0160 |
85499 | Upgrade to OpenSSL 1.0.1f | n/a | 4.3 4.3 5.8 |
Major | 8.0.7 | Upstream, see CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 |
84547 | XXE CWE-611 | CVE-2013-7217 | 6.4 (not 10.0) |
Critical | 7.2.2_Patch3 7.2.3_Patch 7.2.4_Patch2 7.2.5_Patch 7.2.6 8.0.3_Patch3 8.0.4_Patch2 8.0.5_Patch 8.0.6 |
Private |
85478 | XSS vulnerability in message view | - | 6.4 | Major | 8.0.7 | Alban Diquet of iSEC Partners |
85411 | Local root privilege escalation | - | 6.2 | Major | 8.0.7 | Matthew David |
85000 | Patch nginx for CVE-2013-4547 | n/a | 7.5 | Major | 7.2.7 8.0.7 |
Upstream, see CVE-2013-4547 |
Upgrade to JDK 1.6 u41 Upgrade OpenSSL to 1.0.0k Upgrade to JDK 1.7u15+ Upgrade to OpenSSL 1.0.1d |
n/a | 2.6 | Minor | 7.2.3 7.2.3 8.0.3 8.0.3 |
Upstream, see CVE-2013-0169 |
|
80338 | Local file inclusion via skin/branding feature CWE-22 | CVE-2013-7091 | 5.0 | Critical | 6.0.16_Patch 7.1.1_Patch6 7.1.3_Patch3 7.2.2_Patch2 7.2.3 8.0.2_Patch 8.0.3 |
Private |
77655 | Separate keystore for CAs used for X509 authentication | - | 5.8 | Major | 8.0.7 | Private |
75424 | Upgrade to Clamav 0.97.5 | n/a | 4.3 4.3 4.3 |
Minor | 7.2.1 | Upstream, see CVE-2012-1457 CVE-2012-1458 CVE-2012-1459 |
64981 | Do not allow HTTP GET for login | - | 6.8 | Major | 7.1.3_Patch 7.1.4 |
Private |
Try Zimbra
Try now Zimbra Collaboration without any cost with the 60-day free Trial.
Get it now »
Want to get involved?
You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets.
Find out more. »
Other Help Resources
Visit the User Help Page »
Visit the Official Forums »
Zimbra Documentation Page »
Looking for a Video?
Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more.
Go to the YouTube Channel »