Vulnerabilities > Synacor > Zimbra Collaboration Suite

DATE CVE VULNERABILITY TITLE RISK
2018-05-10 CVE-2018-10951 mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API.
network
low complexity
zimbra synacor
6.5
2018-05-10 CVE-2018-10950 Information Exposure vulnerability in Synacor Zimbra Collaboration Suite
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump.
network
low complexity
synacor CWE-200
5.3
2018-05-10 CVE-2018-10949 Information Exposure Through Discrepancy vulnerability in Synacor Zimbra Collaboration Suite
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors.
network
low complexity
synacor CWE-203
5.3
2018-03-27 CVE-2018-6882 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite
Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment.
network
low complexity
synacor CWE-79
6.1
2018-02-04 CVE-2017-8783 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS.
network
low complexity
synacor CWE-79
5.4
2018-02-04 CVE-2017-17703 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS.
network
low complexity
synacor CWE-79
6.1
2017-05-23 CVE-2017-7288 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
synacor CWE-79
6.1
2017-05-23 CVE-2017-6821 Path Traversal vulnerability in Synacor Zimbra Collaboration Suite
Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors.
network
low complexity
synacor CWE-22
critical
9.8
2017-05-23 CVE-2017-6813 Unspecified vulnerability in Synacor Zimbra Collaboration Suite
A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations.
network
low complexity
synacor
critical
9.8
2017-05-17 CVE-2016-3403 Cross-Site Request Forgery (CSRF) vulnerability in Synacor Zimbra Collaboration Suite
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and perform referer header checks, aka bugs 100885 and 100899.
network
low complexity
synacor CWE-352
8.8