Vulnerabilities > Zimbra > Collaboration > 9.0.0

DATE CVE VULNERABILITY TITLE RISK
2022-04-21 CVE-2022-27924 Unspecified vulnerability in Zimbra Collaboration 8.8.15/9.0.0
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance.
network
low complexity
zimbra
7.5
7.5
2022-04-21 CVE-2022-27926 Unspecified vulnerability in Zimbra Collaboration 9.0.0
A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.
network
low complexity
zimbra
6.1
6.1
2021-07-02 CVE-2021-34807 Open Redirect vulnerability in Zimbra Collaboration
An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0.
network
low complexity
zimbra CWE-601
6.1
6.1
2021-07-02 CVE-2021-35207 Cross-site Scripting vulnerability in Zimbra Collaboration
An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16.
network
low complexity
zimbra CWE-79
6.1
6.1
2021-07-02 CVE-2021-35209 Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration
An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16.
network
low complexity
zimbra CWE-918
critical
 9.8
9.8
2020-12-17 CVE-2020-35123 XXE vulnerability in Zimbra Collaboration
In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks.
network
low complexity
zimbra CWE-611
6.5
6.5