CVE-2023-24030 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-24030 PUBLISHED CVSS 6.099999904632568 MEDIUM

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL if url sanitisation is bypassed in incoming requests. NOTE: this is similar, but not identical, to CVE-2021-34807.

EPSS 0.12% · 30.3th percentile

Risk Scores

CVSS v3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.12%

30.3th percentile

Affected Products

Vendor	Product	Versions
zimbra	collaboration	9.0.0, 8.8.15, 8.8.15
n/a	n/a	n/a

Timeline

Mar 21, 2023 CVE Published
Jun 16, 2023 EPSS Score
Jul 21, 2023 EPSS Score
Aug 25, 2023 EPSS Score
Sep 29, 2023 EPSS Score
Nov 3, 2023 EPSS Score
Dec 7, 2023 EPSS Score
Jan 11, 2024 EPSS Score
Feb 15, 2024 EPSS Score
Mar 21, 2024 EPSS Score
Apr 25, 2024 EPSS Score
May 30, 2024 EPSS Score

References

Open in Interactive Console →