CVE-2015-7609 - OpenCVE

Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Synacor	Zimbra Collaboration Suite

Configuration 1 [-]

OR	cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:-::::::
	cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p1::::::
	cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p2::::::
	cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p3::::::
	cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p4::::::

References

Link	Resource
https://bugzilla.zimbra.com/show_bug.cgi?id=101435	Issue Tracking Exploit Third Party Advisory
https://bugzilla.zimbra.com/show_bug.cgi?id=101436	Issue Tracking Third Party Advisory
https://wiki.zimbra.com/wiki/Security_Center	Vendor Advisory
https://www.fortiguard.com/zeroday/FG-VD-15-080	Third Party Advisory
https://www.fortiguard.com/zeroday/FG-VD-15-081	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-05-30T19:21:11

Updated: 2019-05-30T19:21:11

Reserved: 2015-09-30T00:00:00

Link: CVE-2015-7609

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-05-30T20:29:00.397

Modified: 2019-05-31T15:08:42.247

Link: CVE-2015-7609

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-05-30T19:21:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"tags": ["x_refsource_MISC"], "url": "https://www.fortiguard.com/zeroday/FG-VD-15-080"}, {"tags": ["x_refsource_MISC"], "url": "https://www.fortiguard.com/zeroday/FG-VD-15-081"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=101435"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=101436"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7609", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://wiki.zimbra.com/wiki/Security_Center", "refsource": "MISC", "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"name": "https://www.fortiguard.com/zeroday/FG-VD-15-080", "refsource": "MISC", "url": "https://www.fortiguard.com/zeroday/FG-VD-15-080"}, {"name": "https://www.fortiguard.com/zeroday/FG-VD-15-081", "refsource": "MISC", "url": "https://www.fortiguard.com/zeroday/FG-VD-15-081"}, {"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=101435", "refsource": "MISC", "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=101435"}, {"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=101436", "refsource": "MISC", "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=101436"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7609", "datePublished": "2019-05-30T19:21:11", "dateReserved": "2015-09-30T00:00:00", "dateUpdated": "2019-05-30T19:21:11", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:-:*:*:*:*:*:*", "matchCriteriaId": "09016525-12F2-49D0-A803-E38294FE3EFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p1:*:*:*:*:*:*", "matchCriteriaId": "A640E533-4AB8-4DBA-B59C-3CCDE507155F", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p2:*:*:*:*:*:*", "matchCriteriaId": "EFFA097D-1FAC-41A9-BF40-004BBE4F4777", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p3:*:*:*:*:*:*", "matchCriteriaId": "957B3D6D-DDA6-4770-B8B1-8CDF95E87140", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p4:*:*:*:*:*:*", "matchCriteriaId": "E48E062A-8658-4006-856E-CBABE57FE00C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra."}, {"lang": "es", "value": "Synacor Zimbra Mail Client 8.6 anerior a 8.6.0 Patch 5 tiene XSS a trav\u00e9s del cuadro de di\u00e1logo error/warning y email body content en Zimbra."}], "id": "CVE-2015-7609", "lastModified": "2019-05-31T15:08:42.247", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-30T20:29:00.397", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Exploit", "Third Party Advisory"], "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=101435"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=101436"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.fortiguard.com/zeroday/FG-VD-15-080"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.fortiguard.com/zeroday/FG-VD-15-081"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}