Shodan
Vulnerabilities
Vulnerable Software
Synacor:  >> Zimbra Collaboration Suite  >> 8.7.1  Security Vulnerabilities
CVE-2020-12846
Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox as an avatar image for a contact. A user will receive a "Corrupt File" error, but the file is still uploaded and stored locally in /opt/zimbra/data/tmp/upload/, leaving it open to possible remote execution.
CVSS Score
8.0
EPSS Score
0.12
Published
2020-06-03
CVE-2020-7796
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
CVSS Score
9.8
EPSS Score
0.906
Published
2020-02-18
CVE-2020-8633
An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-02-18
CVE-2018-10948
Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-05-30
CVE-2018-14425
There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1.
CVSS Score
6.1
EPSS Score
0.006
Published
2019-05-30
CVE-2018-15131
An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests.
CVSS Score
5.3
EPSS Score
0.026
Published
2019-05-30
CVE-2018-18631
mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS.
CVSS Score
6.1
EPSS Score
0.005
Published
2019-05-29
CVE-2018-20160
ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd.
CVSS Score
9.8
EPSS Score
0.017
Published
2019-05-29
CVE-2019-6980
Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component.
CVSS Score
9.8
EPSS Score
0.352
Published
2019-05-29
CVE-2019-6981
Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-05-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved