GCVE - cpe:2.3:a:zimbra:collaboration:8.8.15:p42:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:zimbra:collaboration:8.8.15:p42:*:*:*:*:*:*

part: a version: 8.8.15 update: p42

Vendor	Zimbra (`2c2042e1-5f4a-5590-841f-bd7953d2bb5f`)
Product	Collaboration (`dc8aeab5-e039-5ffe-a16a-100a59003217`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/zimbra/zm-build`	purl2cpe	2026-06-01 10:12:36.214243
`pkg:sourceforge/zimbra`	purl2cpe	2026-06-01 10:12:36.214245

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-45519`	vulnerable	2026-06-08 06:48:06.680771	Details available CRITICAL (10) The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands. Published: 2024-10-02T00:00:00.000Z Updated: 2026-02-03T19:27:04.871Z Open on db.gcve.eu Reference links https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-45518`	vulnerable	2026-06-08 06:48:06.635081	Details available An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Side Request Forgery (SSRF) due to improper input sanitization and misconfigured domain whitelisting. This issue permits unauthorized HTTP requests to be sent to internal services, which can lead to Remote Code Execution (RCE) by chaining Command Injection within the internal service. When combined with existing XSS vulnerabilities, this SSRF issue can further facilitate Remote Code Execution (RCE). Published: 2024-10-22T00:00:00.000Z Updated: 2024-10-22T18:10:41.843Z Open on db.gcve.eu Reference links https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-48432`	vulnerable	2026-06-08 06:14:27.234901	Details available An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link (for a webmail redirection endpoint) within en email message, e.g., if a victim clicks on that link within Zimbra webmail. Published: 2024-02-13T00:00:00.000Z Updated: 2025-03-25T16:01:09.054Z Open on db.gcve.eu Reference links https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-45207`	vulnerable	2026-06-08 06:12:42.270707	Details available An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. (This has been mitigated by sanitising the JavaScript code present in a PDF document.) Published: 2024-02-13T00:00:00.000Z Updated: 2025-03-27T19:21:44.415Z Open on db.gcve.eu Reference links https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-45206`	vulnerable	2026-06-08 06:12:42.237080	Details available An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting (XSS). (Adding an adequate message to avoid malicious code will mitigate this issue.) Published: 2024-02-13T00:00:00.000Z Updated: 2025-05-07T21:12:51.053Z Open on db.gcve.eu Reference links https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-43103`	vulnerable	2026-06-08 06:11:10.918630	Details available An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36. Published: 2023-12-07T00:00:00.000Z Updated: 2024-08-02T19:37:22.951Z Open on db.gcve.eu Reference links https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://wiki.zimbra.com/wiki/Security_Center	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-43102`	vulnerable	2026-06-08 06:11:10.902364	Details available An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. An XSS issue can be exploited to access the mailbox of an authenticated user. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36. Published: 2023-12-07T00:00:00.000Z Updated: 2024-08-02T19:37:23.342Z Open on db.gcve.eu Reference links https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://wiki.zimbra.com/wiki/Security_Center	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.