Every CVE whose affected-product data names Zimbra Collaboration, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (41)
CVE-2023-29382 — CVSS 9.8 (critical): An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.
CVE-2023-29381 — CVSS 9.8 (critical): An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information…
CVE-2021-35209 — CVSS 9.8 (critical): An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before…
CVE-2022-32294 — CVSS 9.8 (critical): Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is…
CVE-2024-45518 — CVSS 8.8 (high): An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before…
CVE-2023-34193 — CVSS 8.8 (high): File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive…
CVE-2022-37393 — CVSS 7.8 (high): Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its…
CVE-2023-24032 — CVSS 7.8 (high): In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute…
CVE-2024-27442 — CVSS 7.8 (high): An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be…
CVE-2022-41347 — CVSS 7.8 (high): An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to…
CVE-2023-41106 — CVSS 7.5 (high): An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. An attacker can gain access to a Zimbra account. This is also fixed in…
CVE-2022-37041 — CVSS 7.5 (high): An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. The value of the…
CVE-2024-33535 — CVSS 7.5 (high): An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI)…
CVE-2022-45912 — CVSS 7.2 (high): An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an…
CVE-2023-26562 — CVSS 6.5 (medium): In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) can send e-mail messages when configured…
CVE-2020-35123 — CVSS 6.5 (medium): In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer…
CVE-2022-45913 — CVSS 6.1 (medium): An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via one of attributes in webmail URLs to execute arbitrary…
CVE-2023-24030 — CVSS 6.1 (medium): An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the…
CVE-2023-24031 — CVSS 6.1 (medium): An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. XSS can occur, via one of attributes of the webmail /h/ endpoint, to…
CVE-2022-41348 — CVSS 6.1 (medium): An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via the onerror attribute of an IMG element, leading to…
CVE-2022-37044 — CVSS 6.1 (medium): In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are…
CVE-2022-41349 — CVSS 6.1 (medium): In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. This…
CVE-2022-41351 — CVSS 6.1 (medium): In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and…
CVE-2022-45911 — CVSS 6.1 (medium): An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur on the Classic UI login page by injecting arbitrary JavaScript…
CVE-2023-50808 — CVSS 6.1 (medium): Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Modern UI.
CVE-2021-35207 — CVSS 6.1 (medium): An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists…
CVE-2024-45515 — CVSS 6.1 (medium): An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability exists in Zimbra webmail due…
CVE-2021-34807 — CVSS 6.1 (medium): An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an…
CVE-2022-41350 — CVSS 6.1 (medium): In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to…
CVE-2023-43102 — CVSS 6.1 (medium): An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. An XSS issue can be exploited to access the mailbox of an…
CVE-2023-43103 — CVSS 6.1 (medium): An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. This is also fixed…
CVE-2023-45206 — CVSS 6.1 (medium): An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can…
CVE-2023-45207 — CVSS 6.1 (medium): An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains…
CVE-2023-48432 — CVSS 6.1 (medium): An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript…
CVE-2022-37043 — CVSS 5.7 (medium): An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. When using preauth, CSRF tokens are…
CVE-2021-35208 — CVSS 5.4 (medium): An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An…
CVE-2024-33533 — CVSS 5.4 (medium): An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. A reflected cross-site scripting (XSS) vulnerability has…
CVE-2024-33536 — CVSS 5.4 (medium): An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability occurs due to inadequate input validation of the res…
CVE-2025-27914 — CVSS 5.4 (medium): An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting (XSS) vulnerability exists in…
CVE-2025-67809 — CVSS 4.7 (medium): An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly…