Shodan
Vulnerabilities
Vulnerable Software
Synacor:  >> Zimbra Collaboration Suite  Security Vulnerabilities
CVE-2017-6813
A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations.
CVSS Score
9.8
EPSS Score
0.017
Published
2017-05-23
CVE-2017-6821
Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors.
CVSS Score
9.8
EPSS Score
0.05
Published
2017-05-23
CVE-2017-7288
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.005
Published
2017-05-23
CVE-2016-3403
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and perform referer header checks, aka bugs 100885 and 100899.
CVSS Score
8.8
EPSS Score
0.026
Published
2017-05-17
CVE-2016-9924
Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks.
CVSS Score
9.8
EPSS Score
0.017
Published
2017-03-29
CVE-2016-3401
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810.
CVSS Score
6.5
EPSS Score
0.007
Published
2017-01-18
CVE-2016-3402
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect confidentiality via unknown vectors, aka bug 99167.
CVSS Score
7.5
EPSS Score
0.015
Published
2017-01-18
CVE-2016-3404
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103959.
CVSS Score
7.5
EPSS Score
0.012
Published
2017-01-18
CVE-2016-3405
Multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to affect integrity via unknown vectors, aka bugs 103961 and 104828.
CVSS Score
7.5
EPSS Score
0.012
Published
2017-01-18
CVE-2016-3406
Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and 104456.
CVSS Score
8.8
EPSS Score
0.031
Published
2017-01-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved