CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-34807

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL via isredirect=1&redirectURL= in conjunction with the token data (e.g., a valid authtoken= value).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.2%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 5.8

References

Products affected by CVE-2021-34807

Zimbra » Collaboration » Version: N/A

cpe:2.3:a:zimbra:collaboration:-
Zimbra » Collaboration » Version: 8.7.10

cpe:2.3:a:zimbra:collaboration:8.7.10
Zimbra » Collaboration » Version: 8.7.11

cpe:2.3:a:zimbra:collaboration:8.7.11
Zimbra » Collaboration » Version: 8.7.6

cpe:2.3:a:zimbra:collaboration:8.7.6
Zimbra » Collaboration » Version: 8.7.7

cpe:2.3:a:zimbra:collaboration:8.7.7
Zimbra » Collaboration » Version: 8.7.9

cpe:2.3:a:zimbra:collaboration:8.7.9
Zimbra » Collaboration » Version: 8.8

cpe:2.3:a:zimbra:collaboration:8.8
Zimbra » Collaboration » Version: 8.8.0

cpe:2.3:a:zimbra:collaboration:8.8.0
Zimbra » Collaboration » Version: 8.8.10

cpe:2.3:a:zimbra:collaboration:8.8.10
Zimbra » Collaboration » Version: 8.8.11

cpe:2.3:a:zimbra:collaboration:8.8.11
Zimbra » Collaboration » Version: 8.8.12

cpe:2.3:a:zimbra:collaboration:8.8.12
Zimbra » Collaboration » Version: 8.8.15

cpe:2.3:a:zimbra:collaboration:8.8.15
Zimbra » Collaboration » Version: 8.8.2

cpe:2.3:a:zimbra:collaboration:8.8.2
Zimbra » Collaboration » Version: 8.8.3

cpe:2.3:a:zimbra:collaboration:8.8.3
Zimbra » Collaboration » Version: 8.8.4

cpe:2.3:a:zimbra:collaboration:8.8.4
Zimbra » Collaboration » Version: 8.8.6

cpe:2.3:a:zimbra:collaboration:8.8.6
Zimbra » Collaboration » Version: 8.8.7

cpe:2.3:a:zimbra:collaboration:8.8.7
Zimbra » Collaboration » Version: 8.8.8

cpe:2.3:a:zimbra:collaboration:8.8.8
Zimbra » Collaboration » Version: 8.8.9

cpe:2.3:a:zimbra:collaboration:8.8.9
Zimbra » Collaboration » Version: 9.0.0

cpe:2.3:a:zimbra:collaboration:9.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-34807

Products

Pricing

Contact Us