First published: Fri Jul 02 2021(Updated: )
An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL via isredirect=1&redirectURL= in conjunction with the token data (e.g., a valid authtoken= value).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zimbra Collaboration | <8.8.15 | |
Zimbra Collaboration | =8.8.15 | |
Zimbra Collaboration | =8.8.15-p1 | |
Zimbra Collaboration | =8.8.15-p10 | |
Zimbra Collaboration | =8.8.15-p11 | |
Zimbra Collaboration | =8.8.15-p12 | |
Zimbra Collaboration | =8.8.15-p13 | |
Zimbra Collaboration | =8.8.15-p14 | |
Zimbra Collaboration | =8.8.15-p15 | |
Zimbra Collaboration | =8.8.15-p16 | |
Zimbra Collaboration | =8.8.15-p17 | |
Zimbra Collaboration | =8.8.15-p18 | |
Zimbra Collaboration | =8.8.15-p19 | |
Zimbra Collaboration | =8.8.15-p2 | |
Zimbra Collaboration | =8.8.15-p20 | |
Zimbra Collaboration | =8.8.15-p21 | |
Zimbra Collaboration | =8.8.15-p22 | |
Zimbra Collaboration | =8.8.15-p3 | |
Zimbra Collaboration | =8.8.15-p4 | |
Zimbra Collaboration | =8.8.15-p5 | |
Zimbra Collaboration | =8.8.15-p6 | |
Zimbra Collaboration | =8.8.15-p7 | |
Zimbra Collaboration | =8.8.15-p8 | |
Zimbra Collaboration | =8.8.15-p9 | |
Zimbra Collaboration | =9.0.0 | |
Zimbra Collaboration | =9.0.0-p1 | |
Zimbra Collaboration | =9.0.0-p10 | |
Zimbra Collaboration | =9.0.0-p11 | |
Zimbra Collaboration | =9.0.0-p12 | |
Zimbra Collaboration | =9.0.0-p13 | |
Zimbra Collaboration | =9.0.0-p14 | |
Zimbra Collaboration | =9.0.0-p15 | |
Zimbra Collaboration | =9.0.0-p2 | |
Zimbra Collaboration | =9.0.0-p3 | |
Zimbra Collaboration | =9.0.0-p4 | |
Zimbra Collaboration | =9.0.0-p5 | |
Zimbra Collaboration | =9.0.0-p6 | |
Zimbra Collaboration | =9.0.0-p7 | |
Zimbra Collaboration | =9.0.0-p8 | |
Zimbra Collaboration | =9.0.0-p9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-34807 is an open redirect vulnerability that exists in the /preauth Servlet in Zimbra Collaboration Suite through version 9.0.
To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token and redirect a user to any URL.
The severity level of CVE-2021-34807 is medium, with a CVSS score of 6.1.
Zimbra Collaboration Suite versions up to and including 9.0 are affected by CVE-2021-34807.
Ensure you are using a version of Zimbra Collaboration Suite that is patched to a version containing the fix, such as version 8.8.15-p23 or 9.0.0-p16.