📦

zimbra_collaboration_server

Vendor: synacor

Actively Exploited 0 CISA KEV List

PoC / Exploits 1 Code Available

Total RCEs 1 Remote Access

Total CVEs 5 Total Indexed

Avg. EPSS 0.70% Exploit Prob.

Latest CVE CVE-2019-11318 Jan 27

Security Vulnerability Index

Page 1 / 1

5.4 CVSS

CVE-2019-11318

Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS.

EPSS: 0.92%

Severity: MEDIUM

Jan 27, 2020

5.4 CVSS

CVE-2015-2249

Zimbra Collaboration before 8.6.0 patch5 has XSS.

EPSS: 0.25%

Severity: MEDIUM

Jan 27, 2020

9.8 CVSS

CVE-2014-8563

RCE

Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS.

EPSS: 2.71%

Severity: CRITICAL

Jan 27, 2020

6.1 CVSS

CVE-2014-5500

Synacor Zimbra Collaboration before 8.0.8 has XSS.

EPSS: 0.27%

Severity: MEDIUM

Jan 27, 2020

6.1 CVSS

CVE-2015-2230

Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS in admin console.

EPSS: 0.22%

Severity: MEDIUM

May 30, 2019

6.1 CVSS

CVE-2016-5721

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

EPSS: 0.30%

Severity: MEDIUM

Aug 29, 2016

8.8 CVSS

CVE-2015-6541

Exploit Found

Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest.

EPSS: 0.24%

Severity: HIGH

Apr 08, 2016

Displaying 7 of 5 Total Entries

Total 1 Sections