Vulnerability Details CVE-2023-26562
In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) can send e-mail messages when configured for Imap/smtp.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.1%
CVSS Severity
CVSS v3 Score 6.5
References
- https://wiki.zimbra.com/wiki/Security_Center
- https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
- https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
- https://wiki.zimbra.com/wiki/Security_Center
- https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
- https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Products affected by CVE-2023-26562
-
cpe:2.3:a:zimbra:collaboration:8.8.15
-
cpe:2.3:a:zimbra:collaboration:9.0.0