Zimbra Multiple Vulnerabilities
Release Date:
19 Dec 2023
5866
Views
RISK: Medium Risk
TYPE: Servers - Internet App Servers
Multiple vulnerabilities were identified in Zimbra. A remote attacker could exploit some of these vulnerabilities to trigger cross-site scripting, security restriction bypass, data manipulation and sensitive information disclosure on the targeted system.
Impact
- Information Disclosure
- Data Manipulation
- Cross-Site Scripting
- Security Restriction Bypass
System / Technologies affected
- Zimbra Collaboration Joule prior to 8.8.15 Patch 45 GA
- Zimbra Collaboration Kepler prior to 9.0.0 Patch 38 GA
- Zimbra Collaboration Daffodil prior to 10.0.6
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P45
- https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P38
- https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.6
Vulnerability Identifier
Source
Related Link
Related Tags
Share with