Vulnerabilities > Synacor > Zimbra Collaboration Suite

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2019-05-30 | CVE-2018-15131 | Information Exposure vulnerability in Synacor Zimbra Collaboration Suite | An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. | network | low complexity | synacor | CWE-200 | 5.3 |
| 2019-05-29 | CVE-2019-9670 | XXE vulnerability in Synacor Zimbra Collaboration Suite | mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml. | network | low complexity | synacor | CWE-611 | critical 9.8 |
| 2019-05-29 | CVE-2019-6981 | Server-Side Request Forgery (SSRF) vulnerability in Synacor Zimbra Collaboration Suite | Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component. | network | low complexity | synacor | CWE-918 | 6.5 |
| 2019-05-29 | CVE-2019-6980 | Deserialization of Untrusted Data vulnerability in Synacor Zimbra Collaboration Suite | Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component. | network | low complexity | synacor | CWE-502 | critical 9.8 |
| 2019-05-29 | CVE-2018-20160 | XXE vulnerability in Synacor Zimbra Collaboration Suite | ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd. | network | low complexity | synacor | CWE-611 | critical 9.8 |
| 2019-05-29 | CVE-2018-18631 | Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite | mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS. | network | low complexity | synacor | CWE-79 | 6.1 |
| 2019-05-29 | CVE-2018-14013 | Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite | Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients. | network | low complexity | synacor | CWE-79 | 6.1 |
| 2018-10-03 | CVE-2018-17938 | Insufficient Verification of Data Authenticity vulnerability in Synacor Zimbra Collaboration Suite | Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value. | network | low complexity | synacor | CWE-345 | 5.3 |
| 2018-05-30 | CVE-2018-10939 | Cross-site Scripting vulnerability in multiple products | Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group. | network | low complexity | zimbra, synacor | CWE-79 | 6.1 |
| 2018-05-30 | CVE-2015-7610 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token. | network | low complexity | zimbra, synacor | CWE-352 | 8.8 |