What is CVE-2021-34807?

CVE-2021-34807 is an open redirect vulnerability that exists in the /preauth Servlet in Zimbra Collaboration Suite through version 9.0.

What is the severity level of CVE-2021-34807?

The severity level of CVE-2021-34807 is medium, with a CVSS score of 6.1.

Which versions of Zimbra Collaboration Suite are affected by CVE-2021-34807?

Zimbra Collaboration Suite versions up to and including 9.0 are affected by CVE-2021-34807.

How can I fix CVE-2021-34807 vulnerability?

Ensure you are using a version of Zimbra Collaboration Suite that is patched to a version containing the fix, such as version 8.8.15-p23 or 9.0.0-p16.

Vulnerability/
CVE-2021-34807

medium

6.1

CWE

601

2/7/2021

8/7/2021

CVE-2021-34807

First published: Fri Jul 02 2021(Updated: )

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL via isredirect=1&redirectURL= in conjunction with the token data (e.g., a valid authtoken= value).

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Zimbra Collaboration	<8.8.15
Zimbra Collaboration	=8.8.15
Zimbra Collaboration	=8.8.15-p1
Zimbra Collaboration	=8.8.15-p10
Zimbra Collaboration	=8.8.15-p11
Zimbra Collaboration	=8.8.15-p12
Zimbra Collaboration	=8.8.15-p13
Zimbra Collaboration	=8.8.15-p14
Zimbra Collaboration	=8.8.15-p15
Zimbra Collaboration	=8.8.15-p16
Zimbra Collaboration	=8.8.15-p17
Zimbra Collaboration	=8.8.15-p18
Zimbra Collaboration	=8.8.15-p19
Zimbra Collaboration	=8.8.15-p2
Zimbra Collaboration	=8.8.15-p20
Zimbra Collaboration	=8.8.15-p21
Zimbra Collaboration	=8.8.15-p22
Zimbra Collaboration	=8.8.15-p3
Zimbra Collaboration	=8.8.15-p4
Zimbra Collaboration	=8.8.15-p5
Zimbra Collaboration	=8.8.15-p6
Zimbra Collaboration	=8.8.15-p7
Zimbra Collaboration	=8.8.15-p8
Zimbra Collaboration	=8.8.15-p9
Zimbra Collaboration	=9.0.0
Zimbra Collaboration	=9.0.0-p1
Zimbra Collaboration	=9.0.0-p10
Zimbra Collaboration	=9.0.0-p11
Zimbra Collaboration	=9.0.0-p12
Zimbra Collaboration	=9.0.0-p13
Zimbra Collaboration	=9.0.0-p14
Zimbra Collaboration	=9.0.0-p15
Zimbra Collaboration	=9.0.0-p2
Zimbra Collaboration	=9.0.0-p3
Zimbra Collaboration	=9.0.0-p4
Zimbra Collaboration	=9.0.0-p5
Zimbra Collaboration	=9.0.0-p6
Zimbra Collaboration	=9.0.0-p7
Zimbra Collaboration	=9.0.0-p8
Zimbra Collaboration	=9.0.0-p9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-34807?
CVE-2021-34807 is an open redirect vulnerability that exists in the /preauth Servlet in Zimbra Collaboration Suite through version 9.0.
How does CVE-2021-34807 vulnerability work?
To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token and redirect a user to any URL.
What is the severity level of CVE-2021-34807?
The severity level of CVE-2021-34807 is medium, with a CVSS score of 6.1.
Which versions of Zimbra Collaboration Suite are affected by CVE-2021-34807?
Zimbra Collaboration Suite versions up to and including 9.0 are affected by CVE-2021-34807.
How can I fix CVE-2021-34807 vulnerability?
Ensure you are using a version of Zimbra Collaboration Suite that is patched to a version containing the fix, such as version 8.8.15-p23 or 9.0.0-p16.

collector/nvd-index
agent/references
agent/severity
agent/weakness
agent/author
agent/tags
agent/description
agent/event
agent/type
agent/softwarecombine
agent/last-modified-date
agent/first-publish-date
vendor/zimbra
canonical/zimbra collaboration
version/zimbra collaboration/8.8.15
version/zimbra collaboration/8.8.15-p1
version/zimbra collaboration/8.8.15-p10
version/zimbra collaboration/8.8.15-p11
version/zimbra collaboration/8.8.15-p12
version/zimbra collaboration/8.8.15-p13
version/zimbra collaboration/8.8.15-p14
version/zimbra collaboration/8.8.15-p15
version/zimbra collaboration/8.8.15-p16
version/zimbra collaboration/8.8.15-p17
version/zimbra collaboration/8.8.15-p18
version/zimbra collaboration/8.8.15-p19
version/zimbra collaboration/8.8.15-p2
version/zimbra collaboration/8.8.15-p20
version/zimbra collaboration/8.8.15-p21
version/zimbra collaboration/8.8.15-p22
version/zimbra collaboration/8.8.15-p3
version/zimbra collaboration/8.8.15-p4
version/zimbra collaboration/8.8.15-p5
version/zimbra collaboration/8.8.15-p6
version/zimbra collaboration/8.8.15-p7
version/zimbra collaboration/8.8.15-p8
version/zimbra collaboration/8.8.15-p9
version/zimbra collaboration/9.0.0
version/zimbra collaboration/9.0.0-p1
version/zimbra collaboration/9.0.0-p10
version/zimbra collaboration/9.0.0-p11
version/zimbra collaboration/9.0.0-p12
version/zimbra collaboration/9.0.0-p13
version/zimbra collaboration/9.0.0-p14
version/zimbra collaboration/9.0.0-p15
version/zimbra collaboration/9.0.0-p2
version/zimbra collaboration/9.0.0-p3
version/zimbra collaboration/9.0.0-p4
version/zimbra collaboration/9.0.0-p5
version/zimbra collaboration/9.0.0-p6
version/zimbra collaboration/9.0.0-p7
version/zimbra collaboration/9.0.0-p8
version/zimbra collaboration/9.0.0-p9

CVE-2021-34807

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-34807?

How does CVE-2021-34807 vulnerability work?

What is the severity level of CVE-2021-34807?

Which versions of Zimbra Collaboration Suite are affected by CVE-2021-34807?

How can I fix CVE-2021-34807 vulnerability?

Company

Resources

Contact