Synacor: >> Zimbra Collaboration Suite Security Vulnerabilities
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 104477.
CVSS Score
7.5
EPSS Score
0.012
Published
2017-01-18
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
CVSS Score
5.0
EPSS Score
0.921
Published
2013-12-13
Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token.
CVSS Score
6.8
EPSS Score
0.005
Published
2013-09-23
Page 7