Zimbra Collaboration Suite

Do you want an email whenever new security vulnerabilities are reported in Zimbra Collaboration Suite?

By the Year

In 2024 there have been 0 vulnerabilities in Zimbra Collaboration Suite . Zimbra Collaboration Suite did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2024	0	0.00
2023	0	0.00
2022	0	0.00
2021	0	0.00
2020	0	0.00
2019	0	0.00
2018	3	7.13

It may take a day or so for new Zimbra Collaboration Suite vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Zimbra Collaboration Suite Security Vulnerabilities

Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1

CVE-2015-7610 8.8 - High - May 30, 2018

Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token.

Session Riding

Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS

CVE-2018-10939 6.1 - Medium - May 30, 2018

Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group.

XSS

mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10

CVE-2018-10951 6.5 - Medium - May 10, 2018

mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Zimbra Collaboration Suite or by Zimbra? Click the Watch button to subscribe.

Zimbra
Vendor

Zimbra Collaboration Suite
Product

By the Year

Recent Zimbra Collaboration Suite Security Vulnerabilities

Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 CVE-2015-7610 8.8 - High - May 30, 2018

Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS CVE-2018-10939 6.1 - Medium - May 30, 2018

mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 CVE-2018-10951 6.5 - Medium - May 10, 2018