Known Vulnerabilities for products from Zimbra
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Zimbra".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33373 json | Not Provided | 2026-03-30 | 2026-04-01 | |
| CVE-2026-33372 json | Not Provided | 2026-03-20 | 2026-03-23 | |
| CVE-2026-33371 json | Not Provided | 2026-03-20 | 2026-03-23 | |
| CVE-2026-33370 json | Not Provided | 2026-03-20 | 2026-03-23 | |
| CVE-2026-33369 json | Not Provided | 2026-03-20 | 2026-03-23 | |
| CVE-2026-33368 json | Not Provided | 2026-03-20 | 2026-03-23 | |
| CVE-2025-48700 json | Not Provided | 2025-06-23 | 2026-04-21 | |
| CVE-2023-38750 json | In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML f... | 7.5 - HIGH | 2023-07-31 | 2023-08-04 |
| CVE-2023-37580 json | Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. | 6.1 - MEDIUM | 2023-07-31 | 2023-11-17 |
| CVE-2023-34193 json | File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain s... | 8.8 - HIGH | 2023-07-06 | 2023-07-12 |
| CVE-2023-34192 json | Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code vi... | 9 - CRITICAL | 2023-07-06 | 2023-07-12 |
| CVE-2023-29382 json | An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp... | 9.8 - CRITICAL | 2023-07-06 | 2023-07-12 |
| CVE-2023-29381 json | An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitiv... | 9.8 - CRITICAL | 2023-07-06 | 2023-07-12 |
| CVE-2023-24032 json | In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) c... | 7.8 - HIGH | 2023-06-15 | 2023-06-27 |
| CVE-2023-24031 json | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. XSS can occur, via one of attributes of the webmail /h/... | 6.1 - MEDIUM | 2023-06-15 | 2023-06-27 |
| CVE-2023-24030 json | An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploi... | 6.1 - MEDIUM | 2023-06-15 | 2023-06-27 |
| CVE-2022-45913 json | An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via one of attributes in webmail URLs to execute arb... | 6.1 - MEDIUM | 2023-01-06 | 2023-01-12 |
| CVE-2022-45912 json | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader ... | 7.2 - HIGH | 2022-12-05 | 2022-12-08 |
| CVE-2022-45911 json | An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur on the Classic UI login page by injecting arbitrary ... | 6.1 - MEDIUM | 2023-01-06 | 2023-01-12 |
| CVE-2022-41352 json | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis v... | 9.8 - CRITICAL | 2022-09-26 | 2024-02-01 |
Known software with vulnerabilities from Zimbra
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Zimbra | Collaboration | 8.7.10 |
| Application | Zimbra | Collaboration Server | 7.0.0 |
| Application | Zimbra | Zimbra | 2013 |
| Application | Zimbra | Zimbra Collaboration Suite | 6.0 |
| Application | Zimbra | Zm-mailbox | 8.7.10 |