CVSS: 9.8EPSS: 0%CPEs: 26EXPL: 0CVE-2019-6980
https://notcve.org/view.php?id=CVE-2019-6980
Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component. Synacor Zimbra Collaboration Suite versión 8.7.x hasta la 8.8.11, permite una deserialización no segura de objetos en el componente IMAP. • https://bugzilla.zimbra.com/show_bug.cgi?id=109097 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 0%CPEs: 21EXPL: 3CVE-2018-14013 – Zimbra Collaboration Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-14013
Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients. Synacor Zimbra Collaboration Suite Collaboration anteriores a la versión 8.8.11, tiene una vulnerabilidad de tipo XSS en los clientes web AJAX y html. Zimbra Collaboration versions prior to 8.8.11 suffer from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/151472/Zimbra-Collaboration-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2019/Feb/3 http://www.openwall.com/lists/oss-security/2019/01/30/1 http://www.securityfocus.com/bid/106787 https://bugzilla.zimbra.com/show_bug.cgi?id=109017 https://bugzilla.zimbra.com/show_bug.cgi?id=109018 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17938
https://notcve.org/view.php?id=CVE-2018-17938
Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value. Zimbra Collaboration en versiones anteriores a la 8.8.10 GA permite la suplantación de contenido de texto mediante un valor loginErrorCode. • https://bugzilla.zimbra.com/show_bug.cgi?id=109021 https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.10 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2018-10939
https://notcve.org/view.php?id=CVE-2018-10939
Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group. Zimbra Web Client (ZWC) en Zimbra Collaboration Suite en versiones 8.8 anteriores a la 8.8.8.Patch4 y versiones 8.7 anteriores a la 8.7.11.Patch4 tiene Cross-Site Scripting (XSS) persistente mediante un grupo de contactos. • https://blog.zimbra.com/2018/05/new-zimbra-patches-8-8-8-patch-4-and-8-7-11-patch-4 https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P4 https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P4 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 6%CPEs: 13EXPL: 0CVE-2015-7610
https://notcve.org/view.php?id=CVE-2015-7610
Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token. Vulnerabilidad Cross-Site Request Forgery (CSRF) en el formulario de inicio de sesión en Zimbra Collaboration Suite (ZCS) en versiones anteriores a la 8.6.0 Patch 10, versiones 8.7.x anteriores a la 8.7.11 Patch 2 y versiones 8.8.x anteriores a la 8.8.8 Patch 1 permite que atacantes remotos secuestren la autenticación de víctimas no especificadas aprovechando el error a la hora de emplear un token CSRF. • https://blog.zimbra.com/2018/04/new-patches-for-you-zimbra-8-8-8-turing-patch-1-zimbra-8-7-11-patch-2 https://blog.zimbra.com/2018/05/new-patches-zimbra-8-8-8-turing-patch-3-zimbra-8-7-11-patch-3-zimbra-8-6-0-patch-10 https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6.0/P10 https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P2 https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P1 https://wiki.zi • CWE-352: Cross-Site Request Forgery (CSRF) •