Zimbra Security Advisories: Difference between revisions
(Updates for ZCS 8.7.0 release and other whitespace cleanup along with a few CWE references) |
(link scores to nist calculator, other minor updates) |
||
Line 27: | Line 27: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=105001 105001] <br /> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=105001 105001] <br /> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=105174 105174]</td> | [https://bugzilla.zimbra.com/show_bug.cgi?id=105174 105174]</td> | ||
<td><!-- 79 -->-</td> | <td><!-- XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79] -->-</td> | ||
<td>CVE-2016-5721</td> | <td>CVE-2016-5721</td> | ||
<td>4.3 <br /> 2.1</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:S/C:N/I:P/A:N) 2.1]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.7.0</td> | ||
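Review bot: the CWE-79 reference added to the summary cell of the CVE-2016-5721 row sits inside an HTML comment (`<!-- XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79] -->-`), so the cell still renders as "-" and the link is never shown to readers. If the classification is meant to be public, move it out of the comment as the CVE-2015-7609 row does; if it is being withheld on purpose, say so in the edit summary. The same applies to the other commented CWE cells in this revision.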
Line 38: | Line 38: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104552 104552] <br /> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104552 104552] <br /> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104703 104703]</td> | [https://bugzilla.zimbra.com/show_bug.cgi?id=104703 104703]</td> | ||
<td><!-- 79 -->-</td> | <td><!-- XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79] -->-</td> | ||
<td>CVE-2016-3999</td> | <td>CVE-2016-3999</td> | ||
<td>4.3</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.7.0</td> | ||
Line 48: | Line 48: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104477 104477]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104477 104477]</td> | ||
<td><!-- 601 -->-</td> | <td><!-- [http://cwe.mitre.org/data/definitions/601.html CWE-601] -->-</td> | ||
<td>CVE-2016-4019</td> | <td>CVE-2016-4019</td> | ||
<td>4.3</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.7.0</td> | ||
Line 59: | Line 59: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104294 104294] <br /> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104294 104294] <br /> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104456 104456]</td> | [https://bugzilla.zimbra.com/show_bug.cgi?id=104456 104456]</td> | ||
<td><!-- 352 -->-</td> | <td><!-- [http://cwe.mitre.org/data/definitions/352.html CWE-352] -->-</td> | ||
<td>CVE-2016-3406</td> | <td>CVE-2016-3406</td> | ||
<td>2.6</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.7.0</td> | ||
Line 69: | Line 69: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104222 104222] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104910 104910] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=105071 105071] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=105175 105175]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104222 104222] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104910 104910] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=105071 105071] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=105175 105175]</td> | ||
<td><!-- 79 -->-</td> | <td><!-- XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79] -->-</td> | ||
<td>CVE-2016-3407</td> | <td>CVE-2016-3407</td> | ||
<td>4.3 <br /> 3.5 <br /> 4.3 <br /> 2.1</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:S/C:N/I:P/A:N) 2.1]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.7.0</td> | ||
Line 79: | Line 79: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103997 103997] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104413 104413] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104414 104414] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104777 104777] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104791 104791]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103997 103997] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104413 104413] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104414 104414] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104777 104777] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104791 104791]</td> | ||
<td><!-- 79 -->-</td> | <td><!-- XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79] -->-</td> | ||
<td>CVE-2016-3412</td> | <td>CVE-2016-3412</td> | ||
<td>3.5</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.7.0</td> | ||
Line 89: | Line 89: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103996 103996]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103996 103996]</td> | ||
<td><!-- 611 -->-</td> | <td><!-- [http://cwe.mitre.org/data/definitions/611.html CWE-611] -->-</td> | ||
<td>CVE-2016-3413</td> | <td>CVE-2016-3413</td> | ||
<td>2.6</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.7.0</td> | ||
Line 99: | Line 99: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103961 103961] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104828 104828]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103961 103961] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104828 104828]</td> | ||
<td><!-- 352 -->-</td> | <td><!-- [http://cwe.mitre.org/data/definitions/352.html CWE-352] -->-</td> | ||
<td>CVE-2016-3405</td> | <td>CVE-2016-3405</td> | ||
<td>4.3</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.7.0</td> | ||
Line 109: | Line 109: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103959 103959]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103959 103959]</td> | ||
<td><!-- 352 -->-</td> | <td><!-- [http://cwe.mitre.org/data/definitions/352.html CWE-352] -->-</td> | ||
<td>CVE-2016-3404</td> | <td>CVE-2016-3404</td> | ||
<td>4.3</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.7.0</td> | ||
Line 119: | Line 119: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103956 103956] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=103995 103995] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104475 104475] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104838 104838] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104839 104839]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103956 103956] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=103995 103995] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104475 104475] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104838 104838] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104839 104839]</td> | ||
<td><!-- 79 -->-</td> | <td><!-- XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79] -->-</td> | ||
<td>CVE-2016-3410</td> | <td>CVE-2016-3410</td> | ||
<td>4.3</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.7.0</td> | ||
Line 129: | Line 129: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103609 103609]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103609 103609]</td> | ||
<td><!-- 79 -->-</td> | <td><!-- XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79] -->-</td> | ||
<td>CVE-2016-3411</td> | <td>CVE-2016-3411</td> | ||
<td>3.5</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.7.0</td> | ||
Line 139: | Line 139: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102637 102637]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102637 102637]</td> | ||
<td><!-- 79 -->-</td> | <td><!-- XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79] -->-</td> | ||
<td>CVE-2016-3409</td> | <td>CVE-2016-3409</td> | ||
<td>4.3</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.7.0</td> | ||
Line 151: | Line 151: | ||
<td>[https://cwe.mitre.org/data/definitions/502.html CWE-502]</td> | <td>[https://cwe.mitre.org/data/definitions/502.html CWE-502]</td> | ||
<td>CVE-2016-3415</td> | <td>CVE-2016-3415</td> | ||
<td>5.8</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.7.0</td> | <td>8.7.0</td> | ||
Line 169: | Line 169: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102029 102029]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102029 102029]</td> | ||
<td>-</td> | <td><!-- [https://cwe.mitre.org/data/definitions/674.html CWE-674] -->-</td> | ||
<td>CVE-2016-3414</td> | <td>CVE-2016-3414</td> | ||
<td>4.0</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:S/C:N/I:N/A:P) 4.0]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.6.0 Patch7 <br /> 8.7.0</td> | <td>8.6.0 Patch7 <br /> 8.7.0</td> | ||
Line 179: | Line 179: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=101813 101813]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=101813 101813]</td> | ||
<td>-</td> | <td><!-- XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79] -->-</td> | ||
<td>CVE-2016-3408</td> | <td>CVE-2016-3408</td> | ||
<td>4.3</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.7.0</td> | ||
Line 189: | Line 189: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=100899 100899]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=100899 100899]</td> | ||
<td>-</td> | <td><!-- [http://cwe.mitre.org/data/definitions/352.html CWE-352] -->-</td> | ||
<td>CVE-2016-3403</td> | <td>CVE-2016-3403</td> | ||
<td>6.8</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.7.0</td> | <td>8.7.0</td> | ||
Line 199: | Line 199: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99810 99810]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99810 99810]</td> | ||
<td>-</td> | <td><!-- [http://cwe.mitre.org/data/definitions/284.html CWE-284] [http://cwe.mitre.org/data/definitions/203.html CWE-203] -->-</td> | ||
<td>CVE-2016-3401</td> | <td>CVE-2016-3401</td> | ||
<td>3.5</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.7.0</td> | ||
Line 209: | Line 209: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99167 99167]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99167 99167]</td> | ||
<td>-</td> | <td><!-- [http://cwe.mitre.org/data/definitions/203.html CWE-203] -->-</td> | ||
<td>CVE-2016-3402</td> | <td>CVE-2016-3402</td> | ||
<td>2.6</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.7.0</td> | ||
Line 221: | Line 221: | ||
<td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2015-7609</td> | <td>CVE-2015-7609</td> | ||
<td>6.4 <br /> (2.3 | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4]<br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.3]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.6.0 Patch5 <br /> 8.7.0</td> | <td>8.6.0 Patch5 <br /> 8.7.0</td> | ||
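Review bot: in the CVE-2015-7609 CVSS cell the second link labels the vector (AV:N/AC:H/Au:N/C:N/I:P/A:N) as 2.3, while the same vector is linked as 2.6 in the CVE-2016-3406 and CVE-2016-3413 rows. A CVSS v2 vector has a single base score, so either the label or the vector is wrong here; check the bug record and make the two agree.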
Line 231: | Line 231: | ||
<td>[https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>[https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2015-2249</td> | <td>CVE-2015-2249</td> | ||
<td>3.5</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.6.0 Patch5 <br /> 8.7.0</td> | <td>8.6.0 Patch5 <br /> 8.7.0</td> | ||
Line 240: | Line 240: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99236 99236]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99236 99236]</td> | ||
<td>XSS Vuln in YUI components in ZCS</td> | <td>XSS Vuln in YUI components in ZCS</td> | ||
<td | <td>n/a</td> | ||
<td>4.3</td> | <td>4.3</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.6.0 Patch5</td> | <td>8.6.0 Patch5</td> | ||
<td>Upstream</td> | <td style="white-space:nowrap">Upstream, see <br /> CVE-2012-5881 <br /> CVE-2012-5882 <br /> CVE-2012-5883</td> | ||
</tr> | </tr> | ||
Line 251: | Line 251: | ||
<td>Non-Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>Non-Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2015-2249</td> | <td>CVE-2015-2249</td> | ||
<td>4.3</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.6.0 Patch2 <br /> 8.7.0</td> | <td>8.6.0 Patch2 <br /> 8.7.0</td> | ||
Line 259: | Line 259: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=97625 97625]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=97625 97625]</td> | ||
<td> | <td>Non-Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2015-2230</td> | <td>CVE-2015-2230</td> | ||
<td>3.5</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.6.0 Patch2</td> | <td>8.6.0 Patch2</td> | ||
Line 271: | Line 271: | ||
<td>Improper Input Validation [https://cwe.mitre.org/data/definitions/20.html CWE-20]</td> | <td>Improper Input Validation [https://cwe.mitre.org/data/definitions/20.html CWE-20]</td> | ||
<td>CVE-2014-8563</td> | <td>CVE-2014-8563</td> | ||
<td>5.8</td> | <td>[http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.0.9 <br /> 8.5.1<br /> 8.6.0</td> | <td>8.0.9 <br /> 8.5.1<br /> 8.6.0</td> | ||
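Review bot: the score link for CVE-2014-8563 uses http://nvd.nist.gov, where the calculator links added higher up the table use https://nvd.nist.gov. Switch this one, and the CVE-2015-6541 and CVE-2014-5500 links in the next two hunks, to https so every calculator link uses the same scheme.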
Line 281: | Line 281: | ||
<td>CSRF Vulnerability [https://cwe.mitre.org/data/definitions/352.html CWE-352]</td> | <td>CSRF Vulnerability [https://cwe.mitre.org/data/definitions/352.html CWE-352]</td> | ||
<td>CVE-2015-6541</td> | <td>CVE-2015-6541</td> | ||
<td>5.8</td> | <td>[http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.5.0</td> | <td>8.5.0</td> | ||
Line 291: | Line 291: | ||
<td>XSS Vulnerabilities [https://cwe.mitre.org/data/definitions/79.html CWE-79] <br /> (8.0.7 Patch <br /> contains [https://bugzilla.zimbra.com/show_bug.cgi?id=87412 87412])</td> | <td>XSS Vulnerabilities [https://cwe.mitre.org/data/definitions/79.html CWE-79] <br /> (8.0.7 Patch <br /> contains [https://bugzilla.zimbra.com/show_bug.cgi?id=87412 87412])</td> | ||
<td>CVE-2014-5500</td> | <td>CVE-2014-5500</td> | ||
<td>4.3</td> | <td>[http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.0.8 <br /> 8.5.0</td> | <td>8.0.8 <br /> 8.5.0</td> | ||
Line 301: | Line 301: | ||
<td>Session Fixation [https://cwe.mitre.org/data/definitions/384.html CWE-384]</td> | <td>Session Fixation [https://cwe.mitre.org/data/definitions/384.html CWE-384]</td> | ||
<td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5119 CVE-2013-5119]</td> | <td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5119 CVE-2013-5119]</td> | ||
<td>5.8</td> | <td>[http://nvd.nist.gov/cvss.cfm?version=2&vector=(AV:N/AC:M/AU:N/C:P/I:P/A:N) 5.8]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.5.0</td> | <td>8.5.0</td> | ||
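Review bot: the CVE-2013-5119 score link is built differently from the others in this revision: it omits the `calculator&` parameter and writes the authentication metric as `AU:N` instead of `Au:N`. Use the same form as the neighbouring rows, `cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N)`, and confirm the link opens the calculator with the vector filled in.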
Line 310: | Line 310: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=91484 91484]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=91484 91484]</td> | ||
<td>Patch ZCS8 OpenSSL for CVE-2014-0224</td> | <td>Patch ZCS8 OpenSSL for CVE-2014-0224</td> | ||
<td | <td>n/a</td> | ||
<td>6.8</td> | <td>6.8</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td style="white-space:nowrap"> | <td style="white-space:nowrap"> | ||
8.0.3+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.4+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.5+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.6+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.7+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch]</td> | 8.0.3+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.4+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.5+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.6+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.7+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch]</td> | ||
<td>Upstream</td> | <td style="white-space:nowrap">Upstream, see <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224 CVE-2014-0224]</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=88708 88708]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=88708 88708]</td> | ||
<td>Patch ZCS8 OpenSSL for CVE-2014-0160</td> | <td>Patch ZCS8 OpenSSL for CVE-2014-0160</td> | ||
<td> | <td>n/a</td> | ||
<td>5.0</td> | <td>5.0</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td style="white-space:nowrap"> | <td style="white-space:nowrap"> | ||
8.0.3+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.4+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.5+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.6+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.7+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.7</td> | 8.0.3+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.4+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.5+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.6+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.7+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.7</td> | ||
<td>Upstream</td> | <td>Upstream, see <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160 CVE-2014-0160] </td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=85499 85499]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=85499 85499]</td> | ||
<td>Upgrade to OpenSSL 1.0.1f</td> | <td>Upgrade to OpenSSL 1.0.1f</td> | ||
<td> | <td>n/a</td> | ||
<td>4.3 <br /> 4.3 <br /> 5.8</td> | <td>4.3 <br /> 4.3 <br /> 5.8</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.0.7</td> | <td>8.0.7</td> | ||
<td>Upstream</td> | <td>Upstream, see <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4353 CVE-2013-4353] <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6449 CVE-2013-6449] <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6450 CVE-2013-6450]</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=84547 84547]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=84547 84547]</td> | ||
<td> | <td>[https://cwe.mitre.org/data/definitions/611.html CWE-611]</td> | ||
<td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7217 CVE-2013-7217]</td> | <td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7217 CVE-2013-7217]</td> | ||
<td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4] <br /> (not 10.0)</td> | ||
<td>Critical</td> | <td>Critical</td> | ||
<td>7.2.2_Patch3 <br /> 7.2.3_Patch <br /> 7.2.4_Patch2 <br /> 7.2.5_Patch <br /> 7.2.6 <br /> 8.0.3_Patch3 <br /> 8.0.4_Patch2 <br /> 8.0.5_Patch <br /> 8.0.6</td> | <td>7.2.2_Patch3 <br /> 7.2.3_Patch <br /> 7.2.4_Patch2 <br /> 7.2.5_Patch <br /> 7.2.6 <br /> 8.0.3_Patch3 <br /> 8.0.4_Patch2 <br /> 8.0.5_Patch <br /> 8.0.6</td> | ||
Line 366: | Line 366: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=85000 85000]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=85000 85000]</td> | ||
<td>Patch nginx for CVE-2013-4547</td> | <td>Patch nginx for CVE-2013-4547</td> | ||
<td> | <td>n/a</td> | ||
<td>7.5</td> | <td>7.5</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>7.2.7 <br /> 8.0.7</td> | <td>7.2.7 <br /> 8.0.7</td> | ||
<td>Upstream</td> | <td>Upstream, see <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4547 CVE-2013-4547]</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 378: | Line 378: | ||
<td style="white-space:nowrap"> | <td style="white-space:nowrap"> | ||
Upgrade to JDK 1.6 u41 <br /> Upgrade OpenSSL to 1.0.0k<br /> Upgrade to JDK 1.7u15+<br /> Upgrade to OpenSSL 1.0.1d</td> | Upgrade to JDK 1.6 u41 <br /> Upgrade OpenSSL to 1.0.0k<br /> Upgrade to JDK 1.7u15+<br /> Upgrade to OpenSSL 1.0.1d</td> | ||
<td> | <td>n/a</td> | ||
<td>2.6</td> | <td>2.6</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>7.2.3 <br /> 7.2.3 <br /> 8.0.3 <br /> 8.0.3</td> | <td>7.2.3 <br /> 7.2.3 <br /> 8.0.3 <br /> 8.0.3</td> | ||
<td>Upstream</td> | <td>Upstream, see <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169 CVE-2013-0169]</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=80338 80338]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=80338 80338]</td> | ||
<td>Local file inclusion via skin/branding feature</td> | <td>Local file inclusion via skin/branding feature [http://cwe.mitre.org/data/definitions/22.html CWE-22]</td> | ||
<td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7091 CVE-2013-7091]</td> | <td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7091 CVE-2013-7091]</td> | ||
<td>5.0</td> | <td>[https://nvd.nist.gov/cvss/v2-calculator?name=CVE-2013-7091&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0]</td> | ||
<td>Critical</td> | <td>Critical</td> | ||
<td style="white-space:nowrap">6.0.16_Patch <br /> 7.1.1_Patch6 <br /> 7.1.3_Patch3 <br /> 7.2.2_Patch2 <br /> 7.2.3 <br /> 8.0.2_Patch <br /> 8.0.3</td> | <td style="white-space:nowrap">6.0.16_Patch <br /> 7.1.1_Patch6 <br /> 7.1.3_Patch3 <br /> 7.2.2_Patch2 <br /> 7.2.3 <br /> 8.0.2_Patch <br /> 8.0.3</td> | ||
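Review bot: the CVE-2013-7091 score link uses a different endpoint, `cvss/v2-calculator?name=CVE-2013-7091&vector=...`, from the `cvss.cfm?calculator&version=2&vector=...` form used for the other scores linked in this revision. Pick one form for the whole table so the links can be updated together if the NVD URL changes. The CWE-22 link added in the same row is also http:// where the CWE-79 links are https://.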
Line 405: | Line 405: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=75424 75424]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=75424 75424]</td> | ||
<td>Upgrade to Clamav 0.97.5</td> | <td>Upgrade to Clamav 0.97.5</td> | ||
<td> | <td>n/a</td> | ||
<td>4.3 <br /> 4.3 <br /> 4.3</td> | <td>4.3 <br /> 4.3 <br /> 4.3</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>7.2.1</td> | <td>7.2.1</td> | ||
<td>Upstream</td> | <td>Upstream, see <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1457 CVE-2012-1457] <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1458 CVE-2012-1458] <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1459 CVE-2012-1459]</td> | ||
</tr> | </tr> | ||
<tr> | <tr> |
Revision as of 06:14, 9 July 2016
Zimbra Security Advisories
Overview
The following Security Vulnerabilities have been fixed and released in recent versions of Zimbra Collaboration software. For the latest release and patches, please be sure to update your Zimbra Collaboration servers with the software available on our Download pages:
- Zimbra Collaboration - Network Edition: https://www.zimbra.com/downloads/ne-downloads.html
- Zimbra Collaboration - Open-Source Edition: https://www.zimbra.com/downloads/os-downloads.html
Zimbra Collaboration - Security Vulnerability Advisories
(going back to ZCS 7.1.3)
| Bug# | Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Release or Patch Version | Reporter |
|---|---|---|---|---|---|---|
| 105001 <br /> 105174 | - | CVE-2016-5721 | 4.3 <br /> 2.1 | Minor | 8.7.0 | Secu |
| 104552 <br /> 104703 | - | CVE-2016-3999 | 4.3 | Minor | 8.7.0 | Nam Habach |
| 104477 | - | CVE-2016-4019 | 4.3 | Minor | 8.7.0 | Zimbra |
| 104294 <br /> 104456 | - | CVE-2016-3406 | 2.6 | Minor | 8.7.0 | Zimbra |
| 104222 <br /> 104910 <br /> 105071 <br /> 105175 | - | CVE-2016-3407 | 4.3 <br /> 3.5 <br /> 4.3 <br /> 2.1 | Minor | 8.7.0 | Zimbra |
| 103997 <br /> 104413 <br /> 104414 <br /> 104777 <br /> 104791 | - | CVE-2016-3412 | 3.5 | Minor | 8.7.0 | Zimbra |
| 103996 | - | CVE-2016-3413 | 2.6 | Minor | 8.7.0 | Zimbra |
| 103961 <br /> 104828 | - | CVE-2016-3405 | 4.3 | Minor | 8.7.0 | Zimbra |
| 103959 | - | CVE-2016-3404 | 4.3 | Minor | 8.7.0 | Zimbra |
| 103956 <br /> 103995 <br /> 104475 <br /> 104838 <br /> 104839 | - | CVE-2016-3410 | 4.3 | Minor | 8.7.0 | Zimbra |
| 103609 | - | CVE-2016-3411 | 3.5 | Minor | 8.7.0 | Zimbra |
| 102637 | - | CVE-2016-3409 | 4.3 | Minor | 8.7.0 | Peter Nguyen |
| 102276 | CWE-502 | CVE-2016-3415 | 5.8 | Major | 8.7.0 | Zimbra |
| 102227 | CWE-502 | n/a | 7.5 | Major | 8.7.0 | Upstream, see CVE-2015-4852 |
| 102029 | - | CVE-2016-3414 | 4.0 | Minor | 8.6.0 Patch7 <br /> 8.7.0 | Zimbra |
| 101813 | - | CVE-2016-3408 | 4.3 | Minor | 8.7.0 | Volexity |
| 100899 | - | CVE-2016-3403 | 6.8 | Major | 8.7.0 | Sysdream |
| 99810 | - | CVE-2016-3401 | 3.5 | Minor | 8.7.0 | Zimbra |
| 99167 | - | CVE-2016-3402 | 2.6 | Minor | 8.7.0 | Zimbra |
| 101435 <br /> 101436 | Persistent XSS CWE-79 | CVE-2015-7609 | 6.4 <br /> 2.3 | Major | 8.6.0 Patch5 <br /> 8.7.0 | Fortinet's FortiGuard Labs |
| 101559 <br /> 100133 <br /> 99854 <br /> 99914 <br /> 96973 | CWE-79 | CVE-2015-2249 | 3.5 | Minor | 8.6.0 Patch5 <br /> 8.7.0 | Zimbra |
| 99236 | XSS Vuln in YUI components in ZCS | n/a | 4.3 | Minor | 8.6.0 Patch5 | Upstream, see <br /> CVE-2012-5881 <br /> CVE-2012-5882 <br /> CVE-2012-5883 |
| 98358 <br /> 98216 <br /> 98215 | Non-Persistent XSS CWE-79 | CVE-2015-2249 | 4.3 | Minor | 8.6.0 Patch2 <br /> 8.7.0 | Cure53 |
| 97625 | Non-Persistent XSS CWE-79 | CVE-2015-2230 | 3.5 | Minor | 8.6.0 Patch2 | MWR InfoSecurity |
| 96105 | Improper Input Validation CWE-20 | CVE-2014-8563 | 5.8 | Major | 8.0.9 <br /> 8.5.1 <br /> 8.6.0 | - |
| 83547 | CSRF Vulnerability CWE-352 | CVE-2015-6541 | 5.8 | Major | 8.5.0 | iSEC Partners, Sysdream |
| 87412 <br /> 92825 <br /> 92833 <br /> 92835 | XSS Vulnerabilities CWE-79 <br /> (8.0.7 Patch contains 87412) | CVE-2014-5500 | 4.3 | Minor | 8.0.8 <br /> 8.5.0 | - |
| 83550 | Session Fixation CWE-384 | CVE-2013-5119 | 5.8 | Major | 8.5.0 | - |
| 91484 | Patch ZCS8 OpenSSL for CVE-2014-0224 | n/a | 6.8 | Major | 8.0.3+Patch <br /> 8.0.4+Patch <br /> 8.0.5+Patch <br /> 8.0.6+Patch <br /> 8.0.7+Patch | Upstream, see <br /> CVE-2014-0224 |
| 88708 | Patch ZCS8 OpenSSL for CVE-2014-0160 | n/a | 5.0 | Major | 8.0.3+Patch <br /> 8.0.4+Patch <br /> 8.0.5+Patch <br /> 8.0.6+Patch <br /> 8.0.7+Patch <br /> 8.0.7 | Upstream, see <br /> CVE-2014-0160 |
| 85499 | Upgrade to OpenSSL 1.0.1f | n/a | 4.3 <br /> 4.3 <br /> 5.8 | Major | 8.0.7 | Upstream, see <br /> CVE-2013-4353 <br /> CVE-2013-6449 <br /> CVE-2013-6450 |
| 84547 | CWE-611 | CVE-2013-7217 | 6.4 <br /> (not 10.0) | Critical | 7.2.2_Patch3 <br /> 7.2.3_Patch <br /> 7.2.4_Patch2 <br /> 7.2.5_Patch <br /> 7.2.6 <br /> 8.0.3_Patch3 <br /> 8.0.4_Patch2 <br /> 8.0.5_Patch <br /> 8.0.6 | Private |
| 85478 | XSS vulnerability in message view | - | 6.4 | Major | 8.0.7 | Alban Diquet of iSEC Partners |
| 85411 | Local root privilege escalation | - | 6.2 | Major | 8.0.7 | Matthew David |
| 85000 | Patch nginx for CVE-2013-4547 | n/a | 7.5 | Major | 7.2.7 <br /> 8.0.7 | Upstream, see <br /> CVE-2013-4547 |
| | Upgrade to JDK 1.6 u41 <br /> Upgrade OpenSSL to 1.0.0k <br /> Upgrade to JDK 1.7u15+ <br /> Upgrade to OpenSSL 1.0.1d | n/a | 2.6 | Minor | 7.2.3 <br /> 7.2.3 <br /> 8.0.3 <br /> 8.0.3 | Upstream, see <br /> CVE-2013-0169 |
| 80338 | Local file inclusion via skin/branding feature CWE-22 | CVE-2013-7091 | 5.0 | Critical | 6.0.16_Patch <br /> 7.1.1_Patch6 <br /> 7.1.3_Patch3 <br /> 7.2.2_Patch2 <br /> 7.2.3 <br /> 8.0.2_Patch <br /> 8.0.3 | Private |
| 77655 | Separate keystore for CAs used for X509 authentication | - | 5.8 | Major | 8.0.7 | Private |
| 75424 | Upgrade to Clamav 0.97.5 | n/a | 4.3 <br /> 4.3 <br /> 4.3 | Minor | 7.2.1 | Upstream, see <br /> CVE-2012-1457 <br /> CVE-2012-1458 <br /> CVE-2012-1459 |
| 64981 | Do not allow HTTP GET for login | - | 6.8 | Major | 7.1.3_Patch <br /> 7.1.4 | Private |