9.0.0

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

zimbra

CWE-862

NVD

Published: 2024-02-13

Updated: 2024-11-21

Summary

In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) can send e-mail messages when configured for Imap/smtp.

Vulnerable Configurations

Part	Description	Count
Application	Zimbra Zimbra Collaboration 9.0.0 Zimbra Collaboration 8.8.15	67

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://wiki.zimbra.com/wiki/Security_Center
https://wiki.zimbra.com/wiki/Security_Center
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories