Vulnerabilities > Zimbra > Collaboration > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-10-02 CVE-2024-45519 Unspecified vulnerability in Zimbra Collaboration
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.
network
low complexity
zimbra
critical
 9.8
9.8
2023-07-06 CVE-2023-34192 Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.
network
low complexity
zimbra CWE-79
critical
 9.0
9.0
2023-07-06 CVE-2023-29382 Unspecified vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.
network
low complexity
zimbra
critical
 9.8
9.8
2023-07-06 CVE-2023-29381 Unspecified vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters.
network
low complexity
zimbra
critical
 9.8
9.8
2022-09-26 CVE-2022-41352 Path Traversal vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0.
network
low complexity
zimbra CWE-22
critical
 9.8
9.8
2022-08-12 CVE-2022-37042 Path Traversal vulnerability in Zimbra Collaboration 8.8.15/9.0.0
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it.
network
low complexity
zimbra CWE-22
critical
 9.8
9.8
2022-07-11 CVE-2022-32294 Incorrect Authorization vulnerability in Zimbra Collaboration 8.8.15
Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command).
network
low complexity
zimbra CWE-863
critical
 9.8
9.8
2021-07-02 CVE-2021-35209 Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration
An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16.
network
low complexity
zimbra CWE-918
critical
 9.8
9.8