Vulnerabilities > Synacor > Zimbra Collaboration Suite > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-02-18 CVE-2020-7796 Server-Side Request Forgery (SSRF) vulnerability in Synacor Zimbra Collaboration Suite
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
network
low complexity
synacor CWE-918
critical
9.8
2019-05-29 CVE-2018-20160 XXE vulnerability in Synacor Zimbra Collaboration Suite
ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd.
network
low complexity
synacor CWE-611
critical
9.8
2019-05-29 CVE-2019-6980 Deserialization of Untrusted Data vulnerability in Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component.
network
low complexity
synacor CWE-502
critical
9.8
2019-05-29 CVE-2019-9670 XXE vulnerability in Synacor Zimbra Collaboration Suite
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.
network
low complexity
synacor CWE-611
critical
9.8
2017-05-23 CVE-2017-6813 Unspecified vulnerability in Synacor Zimbra Collaboration Suite
A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations.
network
low complexity
synacor
critical
9.8
2017-05-23 CVE-2017-6821 Path Traversal vulnerability in Synacor Zimbra Collaboration Suite
Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors.
network
low complexity
synacor CWE-22
critical
9.8
2017-03-29 CVE-2016-9924 XXE vulnerability in Synacor Zimbra Collaboration Suite
Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks.
network
low complexity
synacor CWE-611
critical
9.8
2017-01-18 CVE-2016-3415 Deserialization of Untrusted Data vulnerability in Synacor Zimbra Collaboration Suite
Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276.
network
low complexity
synacor CWE-502
critical
9.1