Authentication Bypass Vulnerability in Zimbra Collaboration by Zimbra
CVE-2023-41106

7.5HIGH

Key Information:

Vendor: Zimbra
Status: Collaboration
Vendor: CVE Published:; 7 December 2023

What is CVE-2023-41106?

A significant issue has been identified in Zimbra Collaboration Suite prior to version 10.0.3, allowing attackers to exploit authentication mechanisms and gain unauthorized access to user accounts. This vulnerability has been remedied in versions 9.0.0 Patch 35 and 8.8.15 Patch 42, emphasizing the necessity for users to upgrade to these patched editions to ensure their data security.

References

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

https://wiki.zimbra.com/wiki/Security_Center

http://www.openwall.com/lists/oss-security/2023/11/17/2

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 7, 2023
Vulnerability Reserved
Aug 23, 2023