Zimbra Security Center

Zimbra is committed to providing a secure collaboration experience for our customers, partners and users of our software.
Zimbra Security News
  • Security Advisory: Zimbra Community 8.x Security Vulnerability

    Security is top of mind for everyone here at Zimbra, which is why we want to inform you that our team just discovered a security vulnerability in Zimbra Community 8.0 (formerly Telligent Community and Telligent Enterprise). The vulnerability is limited to a very specific scenario in which a user within Zimbra Community 8.0 is able to view a user password via a specific API call. Summary: The Zimbra development team has identified a very specific scenario where a user’s password in Community...
  • Zimbra Security Advisory on CVE-2014-0224 (CCS Injection Vulnerability)

    20140606: Zimbra Security Advisory on CVE-2014-0224 (CCS Injection Vulnerability). On June 5, 2014 the OpenSSL project released a security advisory. CVE-2014-0224 can allow for a man-in-the-middle (MITM) attack to be carried out between a vulnerable client and vulnerable server. It is also important to note that Zimbra does not use DTLS nor do we have SSL_MODE_RELEASE_BUFFERS enabled. The impact to Zimbra Collaboration Server is as follows: ZCS 6 is not affected; ZCS 7 is not affected...
  • Critical Security Advisory and Builds/Patches for the OpenSSL Heartbleed Vulnerability

    Overview: Zimbra Collaboration Server 8 is susceptible to the OpenSSL Heartbleed bug (http://heartbleed.com, https://www.openssl.org/news/secadv_20140407.txt, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160). Specifically, nginx, postfix and OpenLDAP all link directly to OpenSSL shipped in ZCS8. Other components in the ZCS package also link to the openssl libraries, but the above three are the potentially Internet-facing services that would be attackable. All versions...
  • Urgency on Security Fixes for Bug 80338 and Bug 84547

    Bug 80338 (Feb 2013) is a Local File Inclusion vulnerability that leads to potential Privilege Escalation. Bug 80338: Privilege Escalation via LFI; CVE: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7091; Affected versions: 7.2.2 and 8.0.2 and all previous releases. Bug 84547 is a newer Critical Security Vulnerability (Dec 2013) that has not had further details released (in order to protect other customers). Bug 84547: Critical Security Vulnerability; CVE: https...
  • Welcome to the Zimbra Security Group

    Join this group to get the latest news, updates and alerts about security issues affecting your Zimbra product.
Latest Security Advisories