PT-2023-26582 · Zimbra · Zimbra Collaboration
Published
2023-07-28
·
Updated
2023-09-09
·
CVE-2023-38750
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Zimbra Collaboration (ZCS) versions 8.0.0 through 8.8.15 Patch 40
Zimbra Collaboration (ZCS) versions 9.0.0 through 9.0.0 Patch 33
Zimbra Collaboration (ZCS) versions 10.0.0 through 10.0.1
Description
Internal JSP and XML files can be exposed in Zimbra Collaboration. This issue has been reported as actively exploited.
Recommendations
For Zimbra Collaboration (ZCS) version 8, update to 8.8.15 Patch 41 or later.
For Zimbra Collaboration (ZCS) version 9, update to 9.0.0 Patch 34 or later.
For Zimbra Collaboration (ZCS) version 10, update to 10.0.2 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Zimbra Collaboration