Vulnerabilities > Zimbra > Collaboration

DATE CVE VULNERABILITY TITLE RISK
2024-10-22 CVE-2024-45518 Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration
An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46.
network
low complexity
zimbra CWE-918
8.8
2024-10-02 CVE-2024-45519 Unspecified vulnerability in Zimbra Collaboration
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.
network
low complexity
zimbra
critical
9.8
2024-08-12 CVE-2024-27442 Improper Handling of Exceptional Conditions vulnerability in Zimbra Collaboration
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0.
local
low complexity
zimbra CWE-755
7.8
2024-08-12 CVE-2024-27443 Cross-site Scripting vulnerability in Zimbra Collaboration
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0.
network
low complexity
zimbra CWE-79
6.1
2024-08-12 CVE-2024-33533 Cross-site Scripting vulnerability in Zimbra Collaboration
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2.
network
low complexity
zimbra CWE-79
5.4
2024-08-12 CVE-2024-33535 Path Traversal vulnerability in Zimbra Collaboration
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0.
network
low complexity
zimbra CWE-22
7.5
2024-08-12 CVE-2024-33536 Cross-site Scripting vulnerability in Zimbra Collaboration
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0.
network
low complexity
zimbra CWE-79
5.4
2024-02-13 CVE-2023-50808 Cross-site Scripting vulnerability in Zimbra Collaboration
Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Modern UI.
network
low complexity
zimbra CWE-79
6.1
2024-02-13 CVE-2023-26562 Missing Authorization vulnerability in Zimbra Collaboration 8.8.15/9.0.0
In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) can send e-mail messages when configured for Imap/smtp.
network
low complexity
zimbra CWE-862
6.5
2024-02-13 CVE-2023-45206 Cross-site Scripting vulnerability in Zimbra Collaboration
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0.
network
low complexity
zimbra CWE-79
6.1