Zimbra Security Advisories: Difference between revisions
(added bug 108902 / CVE-2018-10939; bug 108963 / CVE-2018-10950; add more CVEs and other released patches) |
No edit summary |
||
(45 intermediate revisions by 2 users not shown) | |||
Line 11: | Line 11: | ||
</ul> | </ul> | ||
===Zimbra Collaboration - Security Vulnerability Advisories=== | ===Zimbra Collaboration - Security Vulnerability Advisories=== | ||
<p>< | <p> <b>Note</b>: <u>only supported versions are referenced</u>, however older unsupported versions often have the same vulnerabilities and should be upgraded to supported versions as soon as possible. <br /> <em>(going back to ZCS 7.1.3)</em></p> | ||
<div class="col-md-12"> | <div class="col-md-12"> | ||
<table class="table table-striped table-condensed"> | <table class="table table-striped table-condensed"> | ||
Line 22: | Line 22: | ||
<th style="text-align: center; background-color: #f15922;"><span style="color: #ffffff;">Fix Release or <br />Patch Version</span></th> | <th style="text-align: center; background-color: #f15922;"><span style="color: #ffffff;">Fix Release or <br />Patch Version</span></th> | ||
<th style="background-color: #f15922;"><span style="color: #ffffff;">Reporter</span></th> | <th style="background-color: #f15922;"><span style="color: #ffffff;">Reporter</span></th> | ||
</tr> | |||
<tr> | |||
<td></td> | |||
<td>XXE ([https://cwe.mitre.org/data/definitions/776.html CWE-776]) vulnerability in saml consumer store servlet (Network Edition) </td> | |||
<td nowrap>[https://nvd.nist.gov/vuln/detail/CVE-2020-35123 CVE-2020-35123]</td> | |||
<td></td> | |||
<td>Medium</td> | |||
<td>9.0.0 Patch 10</td> | |||
<td>Primerica</td> | |||
</tr> | |||
<tr> | |||
<td></td> | |||
<td>XXE ([https://cwe.mitre.org/data/definitions/776.html CWE-776]) vulnerability in saml consumer store servlet (Network Edition) </td> | |||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2020-35123 CVE-2020-35123]</td> | |||
<td></td> | |||
<td>Medium</td> | |||
<td>8.8.15 Patch 17</td> | |||
<td>Primerica</td> | |||
</tr> | |||
<tr> | |||
<td></td> | |||
<td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79] vulnerability in tinymce</td> | |||
<td nowrap>n/a</td> | |||
<td>6.1</td> | |||
<td>Medium</td> | |||
<td>9.0.0 Patch 5</td> | |||
<td>Upstream, see [https://nvd.nist.gov/vuln/detail/CVE-2019-1010091 CVE-2019-1010091]</td> | |||
</tr> | |||
<tr> | |||
<td></td> | |||
<td>Memory Leak in nodejs library [https://github.com/sindresorhus/mem mem]</td> | |||
<td nowrap>n/a</td> | |||
<td>5.5</td> | |||
<td>Medium</td> | |||
<td>9.0.0 Patch 5</td> | |||
<td>Upstream, see [https://www.whitesourcesoftware.com/vulnerability-database/WS-2018-0236 WS-2018-0236]</td> | |||
</tr> | |||
<tr> | |||
<td></td> | |||
<td>Persistent XSS</td> | |||
<td nowrap> [https://nvd.nist.gov/vuln/detail/CVE-2020-13653 CVE-2020-13653] </td> | |||
<td></td> | |||
<td>Minor</td> | |||
<td>8.8.15 Patch 11, 9.0.0 Patch 4</td> | |||
<td>Telenet</td> | |||
</tr> | |||
<tr> | |||
<td></td> | |||
<td>Unrestricted Upload of File with Dangerous Type [https://cwe.mitre.org/data/definitions/434.html CWE-434]</td> | |||
<td nowrap> [https://nvd.nist.gov/vuln/detail/CVE-2020-12846 CVE-2020-12846] </td> | |||
<td>6.0</td> | |||
<td>Minor</td> | |||
<td>8.8.16 Patch 10, 9.0.0 Patch 3 </td> | |||
<td>Telenet</td> | |||
</tr> | |||
<tr> | |||
<td></td> | |||
<td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td nowrap> [https://nvd.nist.gov/vuln/detail/CVE-2020-11737 CVE-2020-11737] </td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3]</td> | |||
<td>Minor</td> | |||
<td>9.0.0 Patch 2 </td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109174 109174]</td> | |||
<td>Non-Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td nowrap> [https://nvd.nist.gov/vuln/detail/CVE-2019-12427 CVE-2019-12427] </td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3]</td> | |||
<td>Minor</td> | |||
<td> 8.8.15 Patch 1 </td> | |||
<td>Meridian Miftari</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109141 109141]</td> | |||
<td>Non-Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td nowrap>[https://nvd.nist.gov/vuln/detail/CVE-2019-15313 CVE-2019-15313]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3]</td> | |||
<td>Minor</td> | |||
<td> 8.8.15 Patch 1 </td> | |||
<td>Quang Bui</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109124 109124]</td> | |||
<td>Non-Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td nowrap>[https://nvd.nist.gov/vuln/detail/CVE-2019-8947 CVE-2019-8947]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6]</td> | |||
<td>Minor</td> | |||
<td> - </td> | |||
<td>Issam Rabhi of Sysdream</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109123 109123]</td> | |||
<td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td nowrap>[https://nvd.nist.gov/vuln/detail/CVE-2019-8946 CVE-2019-8946]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6]</td> | |||
<td>Minor</td> | |||
<td> - </td> | |||
<td>Issam Rabhi of Sysdream</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109122 109122]</td> | |||
<td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td nowrap>[https://nvd.nist.gov/vuln/detail/CVE-2019-8945 CVE-2019-8945]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5]</td> | |||
<td>Minor</td> | |||
<td> - </td> | |||
<td>Issam Rabhi of Sysdream</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109117 109117]</td> | |||
<td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td nowrap>[https://nvd.nist.gov/vuln/detail/CVE-2019-11318 CVE-2019-11318]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | |||
<td>Minor</td> | |||
<td> 8.8.12 Patch 1 </td> | |||
<td>Mondher Smii</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109127 109127]</td> | |||
<td>SSRF [https://cwe.mitre.org/data/definitions/918.html CWE-918] / [https://cwe.mitre.org/data/definitions/807.html CWE-807]</td> | |||
<td nowrap>[https://nvd.nist.gov/vuln/detail/CVE-2019-9621 CVE-2019-9621]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:L/Au:S/C:P/I:N/A:N) 4.0]</td> | |||
<td>Minor</td> | |||
<td> 8.7.11 Patch11 <br /> 8.8.9 Patch10 <br /> 8.8.10 Patch8 <br /> 8.8.11 Patch4 <br /> 8.8.12 </td> | |||
<td>An Trinh</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109096 109096]</td> | |||
<td>Blind SSRF [https://cwe.mitre.org/data/definitions/918.html CWE-918]</td> | |||
<td nowrap>[https://nvd.nist.gov/vuln/detail/CVE-2019-6981 CVE-2019-6981]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:L/Au:S/C:P/I:N/A:N) 4.0]</td> | |||
<td>Minor</td> | |||
<td> 8.7.11 Patch11 <br /> 8.8.9 Patch10 <br /> 8.8.10 Patch8 <br /> 8.8.11 Patch4 <br /> 8.8.12 </td> | |||
<td>An Trinh</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109129 109129]</td> | |||
<td>XXE [https://cwe.mitre.org/data/definitions/611.html CWE-611] <br />(8.7.x only)</td> | |||
<td nowrap>[https://nvd.nist.gov/vuln/detail/CVE-2019-9670 CVE-2019-9670]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4]</td> | |||
<td>Major</td> | |||
<td>8.7.11 Patch10</td> | |||
<td>Khanh Van Pham <br /> An Trinh</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109097 109097]</td> | |||
<td>Insecure object deserialization [https://cwe.mitre.org/data/definitions/502.html CWE-502]</td> | |||
<td nowrap>[https://nvd.nist.gov/vuln/detail/CVE-2019-6980 CVE-2019-6980]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:A/AC:M/Au:N/C:P/I:P/A:P) 5.4]</td> | |||
<td>Major</td> | |||
<td>8.7.11 Patch9 <br /> 8.8.9 Patch10 <br /> 8.8.10 Patch7 <br /> 8.8.11 Patch3 <br /> 8.8.12</td> | |||
<td>An Trinh</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109093 109093]</td> | |||
<td>XXE [https://cwe.mitre.org/data/definitions/611.html CWE-611]</td> | |||
<td nowrap>[https://nvd.nist.gov/vuln/detail/CVE-2018-20160 CVE-2018-20160]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4]</td> | |||
<td>Major</td> | |||
<td>8.7.x see [https://bugzilla.zimbra.com/show_bug.cgi?id=109129 109129] above <br /> 8.8.9 Patch9 <br /> 8.8.10 Patch5 <br /> 8.8.11 Patch1 <br /> 8.8.12</td> | |||
<td>An Trinh</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109017 109017]</td> | |||
<td>Non-Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2018-14013 CVE-2018-14013]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | |||
<td>Minor</td> | |||
<td>8.7.11 Patch8 <br /> 8.8.9 Patch9 <br /> 8.8.10 Patch5 <br /> 8.8.11 </td> | |||
<td>Issam Rabhi of Sysdream</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109020 109020]</td> | |||
<td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2018-18631 CVE-2018-18631]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0]</td> | |||
<td>Major</td> | |||
<td>8.7.11 Patch7 <br /> 8.8.9 Patch7 <br /> 8.8.10 Patch2 <br /> 8.8.11 </td> | |||
<td>Netragard</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109018 109018]</td> | |||
<td>Non-Persistent [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2018-14013 CVE-2018-14013]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6]</td> | |||
<td>Minor</td> | |||
<td>8.7.11 Patch7 <br /> 8.8.9 Patch6 <br /> 8.8.10 Patch1 <br /> 8.8.11 </td> | |||
<td>Issam Rabhi of Sysdream</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109021 109021]</td> | |||
<td>Limited Content Spoofing [https://cwe.mitre.org/data/definitions/345.html CWE-345]</td> | |||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2018-17938 CVE-2018-17938]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | |||
<td>Minor</td> | |||
<td>8.8.10</td> | |||
<td>Sumit Sahoo</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=109012 109012]</td> | |||
<td>Account Enumeration [https://cwe.mitre.org/data/definitions/203.html CWE-203]</td> | |||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2018-15131 CVE-2018-15131]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0]</td> | |||
<td>Major</td> | |||
<td>8.7.11 Patch6 <br /> 8.8.8 Patch9 <br /> 8.8.9 Patch3</td> | |||
<td>Danielle Deibler</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=108970 108970]</td> | |||
<td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2018-14425 CVE-2018-14425]</td> | |||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | |||
<td>Minor</td> | |||
<td>8.8.8 Patch7 <br /> 8.8.9 Patch1</td> | |||
<td>Diego Di Nardo</td> | |||
</tr> | </tr> | ||
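Review bot: The two new CVE-2020-35123 rows link XXE to CWE-776, while the other XXE rows in this table (109129, 109093, 106811) link CWE-611; CWE-776 is the entity-expansion weakness, so confirm which is meant and make the rows agree. The same two rows differ only in the fix version (and in the nowrap attribute) and could be one row with the versions separated by <br />, as the older rows do. In the CVE-2020-12846 row, "8.8.16 Patch 10" sits among 8.8.15 patch entries and should be checked against the release notes. In the 109018 row the description reads "Non-Persistent" with "XSS" missing, and its CVE-2018-14013 link repeats the one on 109017, which needs confirming.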
Line 30: | Line 274: | ||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | <td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td> | <td>8.6.0 Patch11 <br /> 8.7.11 Patch4 <br /> 8.8.8 Patch4</td> | ||
<td>Diego Di Nardo</td> | <td>Diego Di Nardo</td> | ||
</tr> | </tr> | ||
Line 40: | Line 284: | ||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5]</td> | <td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.11 Patch3<br /> 8.8.8</td> | <td>8.7.11 Patch3 <br /> 8.8.8</td> | ||
<td>Netragard</td> | <td>Netragard</td> | ||
</tr> | </tr> | ||
Line 46: | Line 290: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=108962 108962]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=108962 108962]</td> | ||
<td> | <td>Account Enumeration [https://cwe.mitre.org/data/definitions/203.html CWE-203]</td> | ||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2018-10949 CVE-2018-10949]</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2018-10949 CVE-2018-10949]</td> | ||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0]</td> | <td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0]</td> | ||
Line 60: | Line 304: | ||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:H/Au:S/C:P/I:P/A:N) 3.6]</td> | <td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:H/Au:S/C:P/I:P/A:N) 3.6]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.6.0 Patch10 <br /> 8.7.11 Patch3<br /> 8.8.8</td> | <td>8.6.0 Patch10 <br /> 8.7.11 Patch3 <br /> 8.8.8</td> | ||
<td>Netragard</td> | <td>Netragard</td> | ||
</tr> | </tr> | ||
Line 80: | Line 324: | ||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | <td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.6.0 Patch10 <br />8.7.11 Patch1 <br /> 8.8.7 <br /> 8.8.8</td> | <td>8.6.0 Patch10 <br /> 8.7.11 Patch1 <br /> 8.8.7 <br /> 8.8.8</td> | ||
<td>Stephan Kaag of Securify</td> | <td>Stephan Kaag of Securify</td> | ||
</tr> | </tr> | ||
Line 109: | Line 353: | ||
</td> | </td> | ||
<td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2018-10948</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2018-10948 CVE-2018-10948]</td> | ||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | <td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.6.0 Patch10 <br /> 8.7.11 Patch3 <br />8.8.0 Beta2</td> | <td>8.6.0 Patch10 <br /> 8.7.11 Patch3 <br /> 8.8.0 Beta2</td> | ||
<td>Lucideus <br /> Phil Pearl</td> | <td>Lucideus <br /> Phil Pearl</td> | ||
</tr> | </tr> | ||
Line 152: | Line 396: | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:S/C:N/I:P/A:N) 4.0]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:S/C:N/I:P/A:N) 4.0]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.7.6</td> | <td>8.6.0 Patch9 <br /> 8.7.6</td> | ||
<td>Greg Solovyev</td> | <td>Greg Solovyev</td> | ||
</tr> | </tr> | ||
Line 158: | Line 402: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=106811 106811]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=106811 106811]</td> | ||
<td> | <td>XXE [https://cwe.mitre.org/data/definitions/611.html CWE-611]</td> | ||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2016-9924 CVE-2016-9924]</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2016-9924 CVE-2016-9924]</td> | ||
<td>[https://nvd.nist.gov/cvss | <td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8]</td> | ||
<td> | <td>Major</td> | ||
<td>8.6.0 Patch10 <br /> 8.7.4</td> | <td>8.6.0 Patch10 <br /> 8.7.4</td> | ||
<td>Alastair Gray</td> | <td>Alastair Gray</td> | ||
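Review bot: The CVSS link on the 106811 row now uses the /vuln-metrics/cvss/v2-calculator?vector= form, but the rows directly before and after it (Greg Solovyev's row and 106612) still use /cvss.cfm?calculator&version=2&vector=. Convert the remaining links in the same pass so the score column uses one URL style.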
Line 169: | Line 413: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=106612 106612]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=106612 106612]</td> | ||
<td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>[https:// | <td>[https://nvd.nist.gov/vuln/detail/CVE-2017-7288 CVE-2017-7288]</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.1</td> | <td>8.6.0 Patch11 <br /> 8.7.1</td> | ||
<td>Sammy Forgit</td> | <td>Sammy Forgit</td> | ||
</tr> | </tr> | ||
Line 180: | Line 424: | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=105174 105174]</td> | [https://bugzilla.zimbra.com/show_bug.cgi?id=105174 105174]</td> | ||
<td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2016-5721</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2016-5721 CVE-2016-5721]</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:S/C:N/I:P/A:N) 2.1]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:S/C:N/I:P/A:N) 2.1]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.6.0 Patch11 <br /> 8.7.0</td> | ||
<td>Secu</td> | <td>Secu</td> | ||
</tr> | </tr> | ||
Line 191: | Line 435: | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104703 104703]</td> | [https://bugzilla.zimbra.com/show_bug.cgi?id=104703 104703]</td> | ||
<td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2016-3999</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2016-3999 CVE-2016-3999]</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
Line 200: | Line 444: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104477 104477]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104477 104477]</td> | ||
<td> | <td>Open Redirect [https://cwe.mitre.org/data/definitions/601.html CWE-601]</td> | ||
<td>CVE-2016-4019</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2016-4019 CVE-2016-4019]</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
Line 211: | Line 455: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104294 104294] <br /> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104294 104294] <br /> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104456 104456]</td> | [https://bugzilla.zimbra.com/show_bug.cgi?id=104456 104456]</td> | ||
<td>CSRF [ | <td>CSRF [https://cwe.mitre.org/data/definitions/352.html CWE-352]</td> | ||
<td>CVE-2016-3406</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2016-3406 CVE-2016-3406]</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
Line 220: | Line 464: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104222 104222] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104910 104910] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=105071 105071] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=105175 105175]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104222 104222] <br /> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104910 104910] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=105071 105071] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=105175 105175]</td> | |||
<td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2016-3407</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2016-3407 CVE-2016-3407]</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:S/C:N/I:P/A:N) 2.1]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:S/C:N/I:P/A:N) 2.1]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.6.0 Patch11 <br /> 8.7.0</td> | ||
<td>Zimbra</td> | <td>Zimbra</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103997 103997] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104413 104413] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104414 104414] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104777 104777] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104791 104791]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103997 103997] <br /> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104413 104413] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104414 104414] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104777 104777] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104791 104791]</td> | |||
<td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2016-3412</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2016-3412 CVE-2016-3412]</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
Line 241: | Line 492: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103996 103996]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103996 103996]</td> | ||
<td> | <td>XXE (Admin) [https://cwe.mitre.org/data/definitions/611.html CWE-611]-</td> | ||
<td>CVE-2016-3413</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2016-3413 CVE-2016-3413]</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.6.0 Patch11 <br /> 8.7.0</td> | ||
<td>Zimbra</td> | <td>Zimbra</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103961 103961] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104828 104828]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103961 103961] <br /> | ||
<td>CSRF [ | [https://bugzilla.zimbra.com/show_bug.cgi?id=104828 104828]</td> | ||
<td>CVE-2016-3405</td> | <td>CSRF [https://cwe.mitre.org/data/definitions/352.html CWE-352]</td> | ||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2016-3405 CVE-2016-3405]</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
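Review bot: The new description cell for 103996 ends with a stray hyphen after the CWE-611 link ("CWE-611]-"); drop it so the cell matches the other XXE rows.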
Line 261: | Line 513: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103959 103959]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103959 103959]</td> | ||
<td>CSRF [ | <td>CSRF [https://cwe.mitre.org/data/definitions/352.html CWE-352]</td> | ||
<td>CVE-2016-3404</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2016-3404 CVE-2016-3404]</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
Line 270: | Line 522: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103956 103956] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=103995 103995] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104475 104475] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104838 104838] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104839 104839]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103956 103956] <br /> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=103995 103995] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104475 104475] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104838 104838] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104839 104839]</td> | |||
<td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2016-3410</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2016-3410 CVE-2016-3410]</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td> 8.6.0 Patch11 <br /> 8.7.0</td> | ||
<td>Zimbra</td> | <td>Zimbra</td> | ||
</tr> | </tr> | ||
Line 282: | Line 538: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103609 103609]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103609 103609]</td> | ||
<td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2016-3411</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2016-3411 CVE-2016-3411]</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.6.0 Patch11 <br /> 8.7.0</td> | ||
<td>Zimbra</td> | <td>Zimbra</td> | ||
</tr> | </tr> | ||
Line 292: | Line 548: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102637 102637]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102637 102637]</td> | ||
<td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2016-3409</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2016-3409 CVE-2016-3409]</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.6.0 Patch11 <br /> 8.7.0</td> | ||
<td>Peter Nguyen</td> | <td>Peter Nguyen</td> | ||
</tr> | </tr> | ||
Line 301: | Line 557: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102276 102276]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102276 102276]</td> | ||
<td>[https://cwe.mitre.org/data/definitions/502.html CWE-502]</td> | <td>Deserialization of Untrusted Data [https://cwe.mitre.org/data/definitions/502.html CWE-502]</td> | ||
<td>CVE-2016-3415</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2016-3415 CVE-2016-3415]</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8]</td> | ||
<td>Major</td> | <td>Major</td> | ||
Line 311: | Line 567: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102227 102227]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102227 102227]</td> | ||
<td>[https://cwe.mitre.org/data/definitions/502.html CWE-502]</td> | <td>Deserialization of Untrusted Data [https://cwe.mitre.org/data/definitions/502.html CWE-502]</td> | ||
<td>n/a</td> | <td>n/a</td> | ||
<td>7.5</td> | <td>7.5</td> | ||
Line 322: | Line 578: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102029 102029]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102029 102029]</td> | ||
<td>[https://cwe.mitre.org/data/definitions/674.html CWE-674]</td> | <td>[https://cwe.mitre.org/data/definitions/674.html CWE-674]</td> | ||
<td>CVE-2016-3414</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2016-3414 CVE-2016-3414]</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:S/C:N/I:N/A:P) 4.0]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:S/C:N/I:N/A:P) 4.0]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
Line 332: | Line 588: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=101813 101813]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=101813 101813]</td> | ||
<td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2016-3408</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2016-3408 CVE-2016-3408]</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.6.0 Patch11 <br /> 8.7.0</td> | ||
<td>Volexity</td> | <td>Volexity</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=100885 100885] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=100899 100899]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=100885 100885] <br /> | ||
<td>CSRF [ | [https://bugzilla.zimbra.com/show_bug.cgi?id=100899 100899]</td> | ||
<td>[https:// | <td>CSRF [https://cwe.mitre.org/data/definitions/352.html CWE-352]</td> | ||
<td>[https://nvd.nist.gov/vuln/detail/CVE-2016-3403 CVE-2016-3403]</td> | |||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8]</td> | ||
<td>Major</td> | <td>Major</td> | ||
Line 351: | Line 608: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99810 99810]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99810 99810]</td> | ||
<td> | <td>[https://cwe.mitre.org/data/definitions/284.html CWE-284] [https://cwe.mitre.org/data/definitions/203.html CWE-203]</td> | ||
<td>CVE-2016-3401</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2016-3401 CVE-2016-3401]</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
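Review bot: in the row for bug 99810, the new Summary cell contains only the two CWE links (CWE-284 and CWE-203) with no descriptive text, while the neighbouring rows pair the link with a label such as "Account Enumeration" or "Persistent XSS". Suggest adding a short description of the issue before the links so the row can be read without following them.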
Line 361: | Line 618: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99167 99167]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99167 99167]</td> | ||
<td> | <td>Account Enumeration [https://cwe.mitre.org/data/definitions/203.html CWE-203]</td> | ||
<td>CVE-2016-3402</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2016-3402 CVE-2016-3402]</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
Line 370: | Line 627: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=101435 101435] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=101436 101436]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=101435 101435] <br /> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=101436 101436]</td> | |||
<td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2015-7609</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2015-7609 CVE-2015-7609]</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4]<br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.3]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4]<br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.3]</td> | ||
<td>Major</td> | <td>Major</td> | ||
Line 380: | Line 638: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=101559 101559] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=100133 100133] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=99854 99854] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=99914 99914] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=96973 96973]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=101559 101559] <br /> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=100133 100133] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=99854 99854] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=99914 99914] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=96973 96973]</td> | |||
<td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2015-2249</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2015-2249 CVE-2015-2249]</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
Line 400: | Line 662: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=98358 98358] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=98216 98216] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=98215 98215]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=98358 98358] <br /> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=98216 98216] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=98215 98215]</td> | |||
<td>Non-Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>Non-Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2015-2249</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2015-2249 CVE-2015-2249]</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
Line 412: | Line 676: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=97625 97625]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=97625 97625]</td> | ||
<td>Non-Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>Non-Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2015-2230</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2015-2230 CVE-2015-2230]</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
Line 422: | Line 686: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=96105 96105]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=96105 96105]</td> | ||
<td>Improper Input Validation [https://cwe.mitre.org/data/definitions/20.html CWE-20]</td> | <td>Improper Input Validation [https://cwe.mitre.org/data/definitions/20.html CWE-20]</td> | ||
<td>CVE-2014-8563</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2014-8563 CVE-2014-8563]</td> | ||
<td>[ | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.0.9 <br /> 8.5.1<br /> 8.6.0</td> | <td>8.0.9 <br /> 8.5.1 <br /> 8.6.0</td> | ||
<td> -</td> | <td> -</td> | ||
</tr> | </tr> | ||
Line 432: | Line 696: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=83547 83547]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=83547 83547]</td> | ||
<td>CSRF Vulnerability [https://cwe.mitre.org/data/definitions/352.html CWE-352]</td> | <td>CSRF Vulnerability [https://cwe.mitre.org/data/definitions/352.html CWE-352]</td> | ||
<td>CVE-2015-6541</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2015-6541 CVE-2015-6541]</td> | ||
<td>[ | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.5.0</td> | <td>8.5.0</td> | ||
Line 440: | Line 704: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=87412 87412] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=92825 92825] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=92833 92833] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=92835 92835]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=87412 87412] <br /> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=92825 92825] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=92833 92833] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=92835 92835]</td> | |||
<td>XSS Vulnerabilities [https://cwe.mitre.org/data/definitions/79.html CWE-79] <br /> (8.0.7 Patch <br /> contains [https://bugzilla.zimbra.com/show_bug.cgi?id=87412 87412])</td> | <td>XSS Vulnerabilities [https://cwe.mitre.org/data/definitions/79.html CWE-79] <br /> (8.0.7 Patch <br /> contains [https://bugzilla.zimbra.com/show_bug.cgi?id=87412 87412])</td> | ||
<td>CVE-2014-5500</td> | <td>[https://nvd.nist.gov/vuln/detail/CVE-2014-5500 CVE-2014-5500]</td> | ||
<td>[ | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.0.8 <br /> 8.5.0</td> | <td>8.0.8 <br /> 8.5.0</td> | ||
Line 452: | Line 719: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=83550 83550]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=83550 83550]</td> | ||
<td>Session Fixation [https://cwe.mitre.org/data/definitions/384.html CWE-384]</td> | <td>Session Fixation [https://cwe.mitre.org/data/definitions/384.html CWE-384]</td> | ||
<td>[https://nvd.nist.gov | <td>[https://nvd.nist.gov/vuln/detail/CVE-2013-5119 CVE-2013-5119]</td> | ||
<td>[ | <td>[https://nvd.nist.gov/cvss.cfm?version=2&vector=(AV:N/AC:M/AU:N/C:P/I:P/A:N) 5.8]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.5.0</td> | <td>8.5.0</td> | ||
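Review bot: in the Session Fixation row (bug 83550), the new CVSS link is written as "cvss.cfm?version=2&vector=(AV:N/AC:M/AU:N/C:P/I:P/A:N)", which drops the "calculator" parameter and capitalises the authentication metric as "AU", whereas the other CVSS links added in this revision use "cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/...)". Suggest using the same form here so the 5.8 link is consistent with the rest of the table.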
Line 491: | Line 758: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=84547 84547]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=84547 84547]</td> | ||
<td>XXE [https://cwe.mitre.org/data/definitions/611.html CWE-611]</td> | <td>XXE [https://cwe.mitre.org/data/definitions/611.html CWE-611]</td> | ||
<td>[https://nvd.nist.gov | <td>[https://nvd.nist.gov/vuln/detail/CVE-2013-7217 CVE-2013-7217]</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4] <br /> (not 10.0)</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4] <br /> (not 10.0)</td> | ||
<td>Critical</td> | <td>Critical</td> | ||
Line 526: | Line 793: | ||
<tr> | <tr> | ||
<td style="white-space:nowrap"> | <td style="white-space:nowrap"> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=80450 80450] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=80131 80131] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=80445 80445] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=80132 80132] | [https://bugzilla.zimbra.com/show_bug.cgi?id=80450 80450] <br /> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=80131 80131] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=80445 80445] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=80132 80132] | |||
</td> | </td> | ||
<td style="white-space:nowrap"> | <td style="white-space:nowrap"> | ||
Upgrade to JDK 1.6 u41 <br /> Upgrade OpenSSL to 1.0.0k<br /> Upgrade to JDK 1.7u15+<br /> Upgrade to OpenSSL 1.0.1d</td> | Upgrade to JDK 1.6 u41 <br /> Upgrade OpenSSL to 1.0.0k <br /> Upgrade to JDK 1.7u15+ <br /> Upgrade to OpenSSL 1.0.1d</td> | ||
<td>n/a</td> | <td>n/a</td> | ||
<td>2.6</td> | <td>2.6</td> | ||
Line 538: | Line 808: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=80338 80338]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=80338 80338]</td> | ||
<td>Local file inclusion via skin/branding feature [ | <td>Local file inclusion via skin/branding feature [https://cwe.mitre.org/data/definitions/22.html CWE-22]</td> | ||
<td>[https://nvd.nist.gov | <td>[https://nvd.nist.gov/vuln/detail/CVE-2013-7091 CVE-2013-7091]</td> | ||
<td>[https://nvd.nist.gov/cvss/v2-calculator?name=CVE-2013-7091&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0]</td> | <td>[https://nvd.nist.gov/cvss/v2-calculator?name=CVE-2013-7091&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0]</td> | ||
<td>Critical</td> | <td>Critical</td> |
Revision as of 15:44, 16 December 2020
Zimbra Security Advisories
Overview
The following Security Vulnerabilities have been fixed and released in recent versions of Zimbra Collaboration software. For the latest release and patches, please be sure to update your Zimbra Collaboration servers with the software available on our Download pages:
- Zimbra Collaboration - Network Edition: https://www.zimbra.com/downloads/ne-downloads.html
- Zimbra Collaboration - Open-Source Edition: https://www.zimbra.com/downloads/os-downloads.html
Zimbra Collaboration - Security Vulnerability Advisories
Note: only supported versions are referenced; however, older unsupported versions often have the same vulnerabilities and should be upgraded to supported versions as soon as possible.
(going back to ZCS 7.1.3)
Bug# | Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Release or Patch Version | Reporter |
---|---|---|---|---|---|---|
| | XXE (CWE-776) vulnerability in saml consumer store servlet (Network Edition) | CVE-2020-35123 | | Medium | 9.0.0 Patch 10 | Primerica |
| | XXE (CWE-776) vulnerability in saml consumer store servlet (Network Edition) | CVE-2020-35123 | | Medium | 8.8.15 Patch 17 | Primerica |
| | XSS CWE-79 vulnerability in tinymce | n/a | 6.1 | Medium | 9.0.0 Patch 5 | Upstream, see CVE-2019-1010091 |
| | Memory Leak in nodejs library mem | n/a | 5.5 | Medium | 9.0.0 Patch 5 | Upstream, see WS-2018-0236 |
| | Persistent XSS | CVE-2020-13653 | | Minor | 8.8.15 Patch 11, 9.0.0 Patch 4 | Telenet |
| | Unrestricted Upload of File with Dangerous Type CWE-434 | CVE-2020-12846 | 6.0 | Minor | 8.8.16 Patch 10, 9.0.0 Patch 3 | Telenet |
| | Persistent XSS CWE-79 | CVE-2020-11737 | 4.3 | Minor | 9.0.0 Patch 2 | Zimbra |
109174 | Non-Persistent XSS CWE-79 | CVE-2019-12427 | 4.3 | Minor | 8.8.15 Patch 1 | Meridian Miftari |
109141 | Non-Persistent XSS CWE-79 | CVE-2019-15313 | 4.3 | Minor | 8.8.15 Patch 1 | Quang Bui |
109124 | Non-Persistent XSS CWE-79 | CVE-2019-8947 | 2.6 | Minor | - | Issam Rabhi of Sysdream |
109123 | Persistent XSS CWE-79 | CVE-2019-8946 | 2.6 | Minor | - | Issam Rabhi of Sysdream |
109122 | Persistent XSS CWE-79 | CVE-2019-8945 | 3.5 | Minor | - | Issam Rabhi of Sysdream |
109117 | Persistent XSS CWE-79 | CVE-2019-11318 | 3.5 | Minor | 8.8.12 Patch 1 | Mondher Smii |
109127 | SSRF CWE-918 / CWE-807 | CVE-2019-9621 | 4.0 | Minor | 8.7.11 Patch11 8.8.9 Patch10 8.8.10 Patch8 8.8.11 Patch4 8.8.12 | An Trinh |
109096 | Blind SSRF CWE-918 | CVE-2019-6981 | 4.0 | Minor | 8.7.11 Patch11 8.8.9 Patch10 8.8.10 Patch8 8.8.11 Patch4 8.8.12 | An Trinh |
109129 | XXE CWE-611 (8.7.x only) | CVE-2019-9670 | 6.4 | Major | 8.7.11 Patch10 | Khanh Van Pham An Trinh |
109097 | Insecure object deserialization CWE-502 | CVE-2019-6980 | 5.4 | Major | 8.7.11 Patch9 8.8.9 Patch10 8.8.10 Patch7 8.8.11 Patch3 8.8.12 | An Trinh |
109093 | XXE CWE-611 | CVE-2018-20160 | 6.4 | Major | 8.7.x see 109129 above 8.8.9 Patch9 8.8.10 Patch5 8.8.11 Patch1 8.8.12 | An Trinh |
109017 | Non-Persistent XSS CWE-79 | CVE-2018-14013 | 4.3 | Minor | 8.7.11 Patch8 8.8.9 Patch9 8.8.10 Patch5 8.8.11 | Issam Rabhi of Sysdream |
109020 | Persistent XSS CWE-79 | CVE-2018-18631 | 5.0 | Major | 8.7.11 Patch7 8.8.9 Patch7 8.8.10 Patch2 8.8.11 | Netragard |
109018 | Non-Persistent CWE-79 | CVE-2018-14013 | 2.6 | Minor | 8.7.11 Patch7 8.8.9 Patch6 8.8.10 Patch1 8.8.11 | Issam Rabhi of Sysdream |
109021 | Limited Content Spoofing CWE-345 | CVE-2018-17938 | 4.3 | Minor | 8.8.10 | Sumit Sahoo |
109012 | Account Enumeration CWE-203 | CVE-2018-15131 | 5.0 | Major | 8.7.11 Patch6 8.8.8 Patch9 8.8.9 Patch3 | Danielle Deibler |
108970 | Persistent XSS CWE-79 | CVE-2018-14425 | 3.5 | Minor | 8.8.8 Patch7 8.8.9 Patch1 | Diego Di Nardo |
108902 | Persistent XSS CWE-79 | CVE-2018-10939 | 3.5 | Minor | 8.6.0 Patch11 8.7.11 Patch4 8.8.8 Patch4 | Diego Di Nardo |
108963 | Verbose Error Messages CWE-209 | CVE-2018-10950 | 3.5 | Minor | 8.7.11 Patch3 8.8.8 | Netragard |
108962 | Account Enumeration CWE-203 | CVE-2018-10949 | 5.0 | Major | 8.7.11 Patch3 8.8.8 | Netragard |
108894 | Persistent XSS CWE-199 | CVE-2018-10951 | 3.6 | Minor | 8.6.0 Patch10 8.7.11 Patch3 8.8.8 | Netragard |
97579 | CSRF CWE-352 | CVE-2015-7610 | 5.8 | Major | 8.6.0 Patch10 8.7.11 Patch2 8.8.8 Patch1 | Fortinet's FortiGuard Labs |
108786 | Persistent XSS CWE-79 | CVE-2018-6882 | 4.3 | Minor | 8.6.0 Patch10 8.7.11 Patch1 8.8.7 8.8.8 | Stephan Kaag of Securify |
108265 | Persistent XSS CWE-79 | CVE-2017-17703 | 4.3 | Minor | 8.6.0 Patch9 8.7.11 Patch1 8.8.3 | Veit Hailperin |
107963 | Host header injection CWE-20 | - | 4.3 | Minor | 8.8.0 Beta2 | - |
107948 | Persistent XSS CWE-79 | CVE-2018-10948 | 3.5 | Minor | 8.6.0 Patch10 8.7.11 Patch3 8.8.0 Beta2 | Lucideus Phil Pearl |
107925 | Persistent XSS - snippet CWE-79 | CVE-2017-8802 | 3.5 | Minor | 8.6.0 Patch9 8.7.11 Patch1 8.8.0 Beta2 | Compass Security |
107878 | Persistent XSS - location CWE-79 | CVE-2017-8783 | 4.0 | Minor | 8.7.10 | Stephan Kaag of Securify |
107712 | Improper limitation of file paths CWE-22 | CVE-2017-6821 | 4.0 | Minor | 8.7.6 | Greg Solovyev, Phil Pearl |
107684 | Improper handling of privileges CWE-280 | CVE-2017-6813 | 4.0 | Major | 8.6.0 Patch9 8.7.6 | Greg Solovyev |
106811 | XXE CWE-611 | CVE-2016-9924 | 5.8 | Major | 8.6.0 Patch10 8.7.4 | Alastair Gray |
106612 | Persistent XSS CWE-79 | CVE-2017-7288 | 4.3 | Minor | 8.6.0 Patch11 8.7.1 | Sammy Forgit |
105001 105174 | XSS CWE-79 | CVE-2016-5721 | 4.3 2.1 | Minor | 8.6.0 Patch11 8.7.0 | Secu |
104552 104703 | XSS CWE-79 | CVE-2016-3999 | 4.3 | Minor | 8.7.0 | Nam Habach |
104477 | Open Redirect CWE-601 | CVE-2016-4019 | 4.3 | Minor | 8.7.0 | Zimbra |
104294 104456 | CSRF CWE-352 | CVE-2016-3406 | 2.6 | Minor | 8.6.0 Patch8 8.7.0 | Zimbra |
104222 105175 | XSS CWE-79 | CVE-2016-3407 | 4.3 3.5 4.3 2.1 | Minor | 8.6.0 Patch11 8.7.0 | Zimbra |
103997 104791 | XSS CWE-79 | CVE-2016-3412 | 3.5 | Minor | 8.7.0 | Zimbra |
103996 | XXE (Admin) CWE-611- | CVE-2016-3413 | 2.6 | Minor | 8.6.0 Patch11 8.7.0 | Zimbra |
103961 104828 | CSRF CWE-352 | CVE-2016-3405 | 4.3 | Minor | 8.6.0 Patch8 8.7.0 | Zimbra |
103959 | CSRF CWE-352 | CVE-2016-3404 | 4.3 | Minor | 8.6.0 Patch8 8.7.0 | Zimbra |
103956 104839 | XSS CWE-79 | CVE-2016-3410 | 4.3 | Minor | 8.6.0 Patch11 8.7.0 | Zimbra |
103609 | XSS CWE-79 | CVE-2016-3411 | 3.5 | Minor | 8.6.0 Patch11 8.7.0 | Zimbra |
102637 | XSS CWE-79 | CVE-2016-3409 | 4.3 | Minor | 8.6.0 Patch11 8.7.0 | Peter Nguyen |
102276 | Deserialization of Untrusted Data CWE-502 | CVE-2016-3415 | 5.8 | Major | 8.7.0 | Zimbra |
102227 | Deserialization of Untrusted Data CWE-502 | n/a | 7.5 | Major | 8.7.0 | Upstream, see CVE-2015-4852 |
102029 | CWE-674 | CVE-2016-3414 | 4.0 | Minor | 8.6.0 Patch7 8.7.0 | Zimbra |
101813 | XSS CWE-79 | CVE-2016-3408 | 4.3 | Minor | 8.6.0 Patch11 8.7.0 | Volexity |
100885 100899 | CSRF CWE-352 | CVE-2016-3403 | 5.8 | Major | 8.6.0 Patch8 8.7.0 | Sysdream |
99810 | CWE-284 CWE-203 | CVE-2016-3401 | 3.5 | Minor | 8.7.0 | Zimbra |
99167 | Account Enumeration CWE-203 | CVE-2016-3402 | 2.6 | Minor | 8.7.0 | Zimbra |
101435 101436 | Persistent XSS CWE-79 | CVE-2015-7609 | 6.4 2.3 | Major | 8.6.0 Patch5 8.7.0 | Fortinet's FortiGuard Labs |
101559 96973 | XSS CWE-79 | CVE-2015-2249 | 3.5 | Minor | 8.6.0 Patch5 8.7.0 | Zimbra |
99236 | XSS Vuln in YUI components in ZCS | n/a | 4.3 | Minor | 8.6.0 Patch5 | Upstream, see CVE-2012-5881 CVE-2012-5882 CVE-2012-5883 |
98358 98215 | Non-Persistent XSS CWE-79 | CVE-2015-2249 | 4.3 | Minor | 8.6.0 Patch2 8.7.0 | Cure53 |
97625 | Non-Persistent XSS CWE-79 | CVE-2015-2230 | 3.5 | Minor | 8.6.0 Patch2 | MWR InfoSecurity |
96105 | Improper Input Validation CWE-20 | CVE-2014-8563 | 5.8 | Major | 8.0.9 8.5.1 8.6.0 | - |
83547 | CSRF Vulnerability CWE-352 | CVE-2015-6541 | 5.8 | Major | 8.5.0 | iSEC Partners, Sysdream |
87412 92835 | XSS Vulnerabilities CWE-79 (8.0.7 Patch contains 87412) | CVE-2014-5500 | 4.3 | Minor | 8.0.8 8.5.0 | - |
83550 | Session Fixation CWE-384 | CVE-2013-5119 | 5.8 | Major | 8.5.0 | - |
91484 | Patch ZCS8 OpenSSL for CVE-2014-0224 | n/a | 6.8 | Major | 8.0.3+Patch 8.0.4+Patch 8.0.5+Patch 8.0.6+Patch 8.0.7+Patch | Upstream, see CVE-2014-0224 |
88708 | Patch ZCS8 OpenSSL for CVE-2014-0160 | n/a | 5.0 | Major | 8.0.3+Patch 8.0.4+Patch 8.0.5+Patch 8.0.6+Patch 8.0.7+Patch 8.0.7 | Upstream, see CVE-2014-0160 |
85499 | Upgrade to OpenSSL 1.0.1f | n/a | 4.3 4.3 5.8 | Major | 8.0.7 | Upstream, see CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 |
84547 | XXE CWE-611 | CVE-2013-7217 | 6.4 (not 10.0) | Critical | 7.2.2_Patch3 7.2.3_Patch 7.2.4_Patch2 7.2.5_Patch 7.2.6 8.0.3_Patch3 8.0.4_Patch2 8.0.5_Patch 8.0.6 | Private |
85478 | XSS vulnerability in message view | - | 6.4 | Major | 8.0.7 | Alban Diquet of iSEC Partners |
85411 | Local root privilege escalation | - | 6.2 | Major | 8.0.7 | Matthew David |
85000 | Patch nginx for CVE-2013-4547 | n/a | 7.5 | Major | 7.2.7 8.0.7 | Upstream, see CVE-2013-4547 |
| | Upgrade to JDK 1.6 u41 Upgrade OpenSSL to 1.0.0k Upgrade to JDK 1.7u15+ Upgrade to OpenSSL 1.0.1d | n/a | 2.6 | Minor | 7.2.3 7.2.3 8.0.3 8.0.3 | Upstream, see CVE-2013-0169 |
80338 | Local file inclusion via skin/branding feature CWE-22 | CVE-2013-7091 | 5.0 | Critical | 6.0.16_Patch 7.1.1_Patch6 7.1.3_Patch3 7.2.2_Patch2 7.2.3 8.0.2_Patch 8.0.3 | Private |
77655 | Separate keystore for CAs used for X509 authentication | - | 5.8 | Major | 8.0.7 | Private |
75424 | Upgrade to Clamav 0.97.5 | n/a | 4.3 4.3 4.3 | Minor | 7.2.1 | Upstream, see CVE-2012-1457 CVE-2012-1458 CVE-2012-1459 |
64981 | Do not allow HTTP GET for login | - | 6.8 | Major | 7.1.3_Patch 7.1.4 | Private |