Summary
Security updates have been released to address vulnerabilities in the Kepler and Daffodil versions of Zimbra Collaboration Suite (ZCS), a popular email collaboration platform developed by Synacor Inc.
Risk
Vulnerability impact estimate on the reference community: High (70.25)
Type
- Security Restrictions Bypass
Affected products and/or versions
Zimbra
- Collaboration Daffodil 10.1.x, versions prior to 10.1.5
- Collaboration Daffodil 10.0.x, versions prior to 10.0.13
- Collaboration Kepler 9.x, versions prior to 9.0.0 Patch 44
Mitigation actions
It is recommended to update vulnerable products to the latest available version following the instructions provided by the vendor for each affected product and reported in the security bulletins available in the References section.
References
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44
1This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.