Vulnerabilities > Zimbra > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-22 | CVE-2024-45518 | Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. | 8.8 |
| 2024-08-12 | CVE-2024-27442 | Improper Handling of Exceptional Conditions vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. | 7.8 |
| 2024-08-12 | CVE-2024-33535 | Path Traversal vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. | 7.5 |
| 2023-12-07 | CVE-2023-41106 | Unspecified vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. | 7.5 |
| 2023-07-31 | CVE-2023-38750 | Unspecified vulnerability in Zimbra In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed. | 7.5 |
| 2023-07-06 | CVE-2023-34193 | Unrestricted Upload of File with Dangerous Type vulnerability in Zimbra Collaboration 8.8.15 File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function. | 8.8 |
| 2023-06-15 | CVE-2023-24032 | Command Injection vulnerability in Zimbra Collaboration 8.8.15/9.0.0 In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE). | 7.8 |
| 2022-12-05 | CVE-2022-45912 | Unrestricted Upload of File with Dangerous Type vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. | 7.2 |
| 2022-09-26 | CVE-2022-41347 | Unspecified vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). | 7.8 |
| 2022-04-21 | CVE-2022-27925 | Path Traversal vulnerability in Zimbra Collaboration 8.8.15/9.0.0 Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. | 7.2 |