Ali Dinifar

**Name of the Vulnerable Software and Affected Versions** Zimbra Collaboration Suite versions 8.8.15 through 9.0 **Description** An open redirect issue exists in the /preauth Servlet, allowing an attacker to redirect a user to any URL if URL sanitization is bypassed in incoming requests. To exploit this, an attacker would need a valid Zimbra auth token or a valid preauth token. This could enable a remote attacker to redirect a user to an arbitrary URL. **Recommendations** For Zimbra Collaboration Suite versions 8.8.15 through 9.0, consider implementing proper URL sanitization for incoming requests to the /preauth Servlet to prevent redirection to unauthorized sites. Additionally, restrict access to the /preauth Servlet to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zimbra Collaboration Suite versions 8.8.15 through 9.0 **Description** The issue in Zimbra Collaboration Suite is related to the use of certain JVM arguments in the mailbox manager, which can be exploited by an attacker with initial user access to a Zimbra server instance. This can lead to local privilege escalation (LPE) by executing commands as root. The exploitation of this issue may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Zimbra Collaboration Suite versions 8.8.15 through 9.0, consider disabling the use of JVM arguments in the mailbox manager as a temporary workaround until a patch is available. Restrict access to the mailbox manager to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.