Vulnerabilities > Zimbra > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-22 CVE-2024-45518 Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration
An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46.
network
low complexity
zimbra CWE-918
8.8
2024-08-12 CVE-2024-27442 Improper Handling of Exceptional Conditions vulnerability in Zimbra Collaboration
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0.
local
low complexity
zimbra CWE-755
7.8
2024-08-12 CVE-2024-33535 Path Traversal vulnerability in Zimbra Collaboration
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0.
network
low complexity
zimbra CWE-22
7.5
2023-12-07 CVE-2023-41106 Unspecified vulnerability in Zimbra Collaboration
An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3.
network
low complexity
zimbra
7.5
2023-07-31 CVE-2023-38750 Unspecified vulnerability in Zimbra
In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed.
network
low complexity
zimbra
7.5
2023-07-06 CVE-2023-34193 Unrestricted Upload of File with Dangerous Type vulnerability in Zimbra Collaboration 8.8.15
File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function.
network
low complexity
zimbra CWE-434
8.8
2023-06-15 CVE-2023-24032 Command Injection vulnerability in Zimbra Collaboration 8.8.15/9.0.0
In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).
local
low complexity
zimbra CWE-77
7.8
2022-12-05 CVE-2022-45912 Unrestricted Upload of File with Dangerous Type vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0.
network
low complexity
zimbra CWE-434
7.2
2022-09-26 CVE-2022-41347 Unspecified vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15).
local
low complexity
zimbra
7.8
2022-08-16 CVE-2022-37393 Unspecified vulnerability in Zimbra Collaboration
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters.
local
low complexity
zimbra
7.8