CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-24030

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL if url sanitisation is bypassed in incoming requests. NOTE: this is similar, but not identical, to CVE-2021-34807.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 29.5%

CVSS Severity

CVSS v3 Score 6.1

References

https://wiki.zimbra.com/wiki/Security_Center
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
https://wiki.zimbra.com/wiki/Security_Center
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

Products affected by CVE-2023-24030

Zimbra » Collaboration » Version: 8.8.15

cpe:2.3:a:zimbra:collaboration:8.8.15
Zimbra » Collaboration » Version: 9.0.0

cpe:2.3:a:zimbra:collaboration:9.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-24030

Products

Pricing

Contact Us