Privilege Escalation Vulnerability in Zimbra Collaboration by Zimbra
CVE-2023-29381

9.8CRITICAL

Key Information:

Vendor: Zimbra
Status: Collaboration
Vendor: CVE Published:; 6 July 2023

What is CVE-2023-29381?

A vulnerability in Zimbra Collaboration (ZCS) versions 8.8.15 and 9.0 allows remote attackers to escalate privileges, enabling unauthorized access to sensitive information. This can occur through manipulation of the password and 2FA parameters, potentially leading to data breach scenarios.

References

https://wiki.zimbra.com/wiki/Security_Center

https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosur...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 6, 2023
Vulnerability Reserved
Apr 5, 2023