Summary
Updates have been released to address vulnerabilities found in Zimbra Collaboration software.
Note: CVE-2023-34192 is being actively exploited in the wild.
Risk
Estimate of vulnerability impact on the reference community: High (65.89)
Type
- Authentication Bypass
- Data Manipulation
- Information Disclosure
- Security Restrictions Bypass
Affected Products and Versions
Zimbra
- Collaboration Daffodil, versions prior to 10.0.1
- Collaboration Kepler, versions prior to 9.0.0 Patch 33
- Collaboration Joule, versions prior to 8.8.15 Patch 40
Mitigation Actions
It is recommended to update vulnerable products by following the vendor's instructions for each affected product, as given in the security bulletins listed in the References section.
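To check an installation against the fixed releases listed above, the following added example (not part of the original advisory or of the vendor's tooling) classifies a version string. It assumes the string has the shape printed by `zmcontrol -v`; the function name and the sample string in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a Zimbra version string against the fixed releases
# named in this advisory (10.0.1, 9.0.0 Patch 33, 8.8.15 Patch 40).
# Assumption: input looks like `zmcontrol -v` output, e.g. (constructed sample)
#   "Release 8.8.15_GA_4179.RHEL7_64 RHEL7_64 FOSS edition, Patch 8.8.15_P39."

zimbra_status() {
    # Release number: the X.Y.Z that follows the word "Release".
    rel=$(printf '%s\n' "$1" |
        sed -n 's/.*Release \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1)
    # Patch level: digits after "Patch X.Y.Z_P"; absent means no patch applied.
    patch=$(printf '%s\n' "$1" |
        sed -n 's/.*Patch [0-9.]*_P\([0-9][0-9]*\).*/\1/p' | head -n 1)
    patch=${patch:-0}

    if [ -z "$rel" ]; then
        echo unknown                # could not parse; check manually
        return 0
    fi
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    micro=${rest#*.}

    case "$rel" in
        9.0.0)  fixed_patch=33 ;;   # Kepler
        8.8.15) fixed_patch=40 ;;   # Joule
        *)      fixed_patch= ;;
    esac

    if [ -n "$fixed_patch" ]; then
        if [ "$patch" -lt "$fixed_patch" ]; then echo vulnerable; else echo fixed; fi
    elif [ "$major" -eq 10 ]; then
        # Daffodil: anything below 10.0.1 is affected.
        if [ "$minor" -eq 0 ] && [ "$micro" -lt 1 ]; then echo vulnerable; else echo fixed; fi
    else
        echo not-listed             # release line not named here; review manually
    fi
}

# Usage (run as the zimbra user): sh check.sh "$(zmcontrol -v)"
if [ "$#" -gt 0 ]; then
    zimbra_status "$1"
fi
```

A result of `not-listed` or `unknown` means the string did not match a release line named in this advisory and the host should be reviewed by hand against the vendor bulletins.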
References
https://blog.zimbra.com/2023/05/new-patch-for-zimbra-daffodil-10-0-1-9-0-0-patch-33-8-8-15-patch-40
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.1
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P33
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P40
1 This estimate takes several parameters into account, including CVSS, the availability of patches/workarounds and PoC, and the diffusion of the affected software/devices in the reference community.