Known Vulnerabilities for products from Zimbra
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Zimbra".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33373 | Not Provided | 2026-03-30 | 2026-04-01 | |
| CVE-2026-33372 | Not Provided | 2026-03-20 | 2026-03-23 | |
| CVE-2026-33371 | Not Provided | 2026-03-20 | 2026-03-23 | |
| CVE-2026-33370 | Not Provided | 2026-03-20 | 2026-03-23 | |
| CVE-2026-33369 | Not Provided | 2026-03-20 | 2026-03-23 | |
| CVE-2026-33368 | Not Provided | 2026-03-20 | 2026-03-23 | |
| CVE-2022-24682 | An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exp... | 6.1 - MEDIUM | 2022-02-09 | 2023-08-08 |
| CVE-2021-35209 | An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 a... | 9.8 - CRITICAL | 2021-07-02 | 2021-09-20 |
| CVE-2021-35208 | An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.1... | 5.4 - MEDIUM | 2021-07-02 | 2022-04-06 |
| CVE-2021-35207 | An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulner... | 6.1 - MEDIUM | 2021-07-02 | 2021-07-09 |
| CVE-2021-34807 | An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulne... | 6.1 - MEDIUM | 2021-07-02 | 2021-07-08 |
| CVE-2020-35123 | In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the s... | 6.5 - MEDIUM | 2020-12-17 | 2020-12-22 |
| CVE-2020-11737 | A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail m... | 6.1 - MEDIUM | 2020-05-05 | 2020-05-07 |
| CVE-2020-10194 | cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL a... | 6.5 - MEDIUM | 2020-03-20 | 2021-07-21 |
| CVE-2019-15313 | In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability. | 6.1 - MEDIUM | 2020-01-27 | 2020-01-29 |
| CVE-2019-12427 | Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console. | 4.8 - MEDIUM | 2020-01-27 | 2020-01-28 |
| CVE-2019-9621 | Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before... | 7.5 - HIGH | 2019-04-30 | 2019-06-06 |
| CVE-2019-8947 | Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS. | 6.1 - MEDIUM | 2020-01-27 | 2020-01-28 |
| CVE-2019-8946 | Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. | 6.1 - MEDIUM | 2020-01-27 | 2020-01-28 |
| CVE-2019-8945 | Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. | 6.1 - MEDIUM | 2020-01-27 | 2020-01-28 |
Known software with vulnerabilities from Zimbra
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Zimbra | Collaboration | 8.7.6 |
| Application | Zimbra | Collaboration Server | 7.0.0 |
| Application | Zimbra | Zimbra | 9.0.0 |
| Application | Zimbra | Zimbra Collaboration Suite | 6.0 |
| Application | Zimbra | Zm-mailbox | 8.7.6 |