collaboration

Vendor: zimbra

Actively Exploited: 2 (CISA KEV List)
PoC / Exploits: 1 (Code Available)
Total RCEs: 6 (Remote Access)
Total CVEs: 47 (Total Indexed)
Avg. EPSS: 3.28% (Exploit Prob.)
Latest CVE: CVE-2025-68645 (Dec 22)

Security Vulnerability Index

6.1 CVSS

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid Zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL via isredirect=1&redirectURL= in conjunction with the token data (e.g., a valid authtoken= value).

EPSS: 0.62%
6.5 CVSS

In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, the SAML consumer store extension is vulnerable to XXE attacks. This has been fixed in Zimbra Collaboration Suite Network Edition 9.0.0 Patch 10 and 8.8.15 Patch 17.

EPSS: 0.80%