{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration versions 10.1.x ant\u00e9rieures \u00e0 10.1.12",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [],
  "initial_release_date": "2025-10-16T00:00:00",
  "last_revision_date": "2025-10-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0887",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Synacor Zimbra Collaboration. Elle permet \u00e0 un attaquant de provoquer une falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF).",
  "title": "Vuln\u00e9rabilit\u00e9 dans Synacor Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor 10.1.12",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.12"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration versions 10.0.x ant\u00e9rieures \u00e0 10.0.16",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-54390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54390"
    },
    {
      "name": "CVE-2025-54391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54391"
    },
    {
      "name": "CVE-2025-27789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
    }
  ],
  "initial_release_date": "2025-07-21T00:00:00",
  "last_revision_date": "2025-07-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0609",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-07-21T00:00:00.000000"
    },
    {
      "description": "Ajout r\u00e9f\u00e9rence CVE CVE-2025-54390 et CVE-2025-54391",
      "revision_date": "2025-07-22T00:00:00.000000"
    },
    {
      "description": "Ajout r\u00e9f\u00e9rence CVE CVE-2025-27789",
      "revision_date": "2025-07-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Synacor Zimbra Collaboration. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF) et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Synacor Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": "2025-07-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor 10.0.16",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.16"
    },
    {
      "published_at": "2025-07-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor 10.1.10",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.10"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration versions ant\u00e9rieures \u00e0 9.0.0 Patch 46",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration versions 10.1.x ant\u00e9rieures \u00e0 10.1.9",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration versions 10.0.x ant\u00e9rieures \u00e0 10.0.15",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur annonce la fin de vie de Zimbra Collaboration versions 9.0.x et 10.0.x. Ces branches ne recevront plus de correctifs de s\u00e9curit\u00e9 \u00e0 partir du 30 juin 2025. L\u0027\u00e9diteur recommande aux utilisateurs de migrer en version 10.1.x.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [],
  "initial_release_date": "2025-06-18T00:00:00",
  "last_revision_date": "2025-06-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0521",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-06-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Synacor Zimbra Collaboration. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et une injection de code indirecte \u00e0 distance (XSS).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Synacor Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": "2025-06-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration 9.0.0 Patch 46",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P46"
    },
    {
      "published_at": "2025-06-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration 10.0.15",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.15"
    },
    {
      "published_at": "2025-06-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration 10.1.9",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.9"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration versions ant\u00e9rieures \u00e0 9.0.0 Patch 45",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration versions 10.0.x ant\u00e9rieures \u00e0 10.0.14",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration versions 10.1.x ant\u00e9rieures \u00e0 10.1.8",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [],
  "initial_release_date": "2025-05-16T00:00:00",
  "last_revision_date": "2025-05-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0416",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-05-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Synacor Zimbra Collaboration. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
  "title": "Vuln\u00e9rabilit\u00e9 dans Synacor Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": "2025-05-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration",
      "url": "https://wiki.zimbra.com/index.php?title=Zimbra_Security_Advisories\u0026oldid=71064"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration versions 10.1.x ant\u00e9rieures \u00e0 10.1.8",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-20128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20128"
    },
    {
      "name": "CVE-2024-20505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20505"
    }
  ],
  "initial_release_date": "2025-05-15T00:00:00",
  "last_revision_date": "2025-05-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0414",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-05-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Synacor Zimbra Collaboration. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Synacor Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": "2025-05-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration",
      "url": "https://wiki.zimbra.com/index.php?title=Zimbra_Security_Advisories\u0026oldid=71058"
    },
    {
      "published_at": "2025-05-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration",
      "url": "https://wiki.zimbra.com/index.php?title=Zimbra_Security_Advisories\u0026oldid=71057"
    },
    {
      "published_at": "2025-05-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration",
      "url": "https://wiki.zimbra.com/index.php?title=Zimbra_Security_Advisories\u0026oldid=71059"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration versions 9.0.0.x ant\u00e9rieures \u00e0 9.0.0 Patch 44",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration versions 10.0.x ant\u00e9rieures \u00e0 10.0.13",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration versions 10.1.x ant\u00e9rieures \u00e0 10.1.5",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-27915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27915"
    }
  ],
  "initial_release_date": "2025-01-28T00:00:00",
  "last_revision_date": "2025-04-28T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0074",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-28T00:00:00.000000"
    },
    {
      "description": "Ajout r\u00e9f\u00e9rence CVE",
      "revision_date": "2025-04-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Synacor Zimbra Collaboration. Elle permet \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).",
  "title": "Vuln\u00e9rabilit\u00e9 dans Synacor Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": "2025-01-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration 10.0.13",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13"
    },
    {
      "published_at": "2025-01-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration 9.0.0 Patch 44",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44"
    },
    {
      "published_at": "2025-01-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration 10.1.5",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration Daffodil (10.0.0) sans le correctif 10.0.12",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration Joule (8.8.15) sans le correctif 47",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration Kepler (9.0.0) sans le correctif 43",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration Daffodil (10.1.0) sans le correctif 10.1.4",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-45516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45516"
    },
    {
      "name": "CVE-2025-25064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25064"
    },
    {
      "name": "CVE-2025-25065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25065"
    }
  ],
  "initial_release_date": "2024-12-18T00:00:00",
  "last_revision_date": "2025-02-03T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-1090",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-12-18T00:00:00.000000"
    },
    {
      "description": "Ajout des identifiants CVE CVE-2025-25064 et CVE-2025-25065.",
      "revision_date": "2025-02-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Synacor Zimbra Collaboration. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une injection de code indirecte \u00e0 distance (XSS) et une injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Synacor Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": "2024-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Synacor Zimbra Collaboration 9.0.0 Patch 43",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P43"
    },
    {
      "published_at": "2024-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration 10.1.4",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.4"
    },
    {
      "published_at": "2024-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Synacor Zimbra Collaboration 8.8.15 Patch P47",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P47"
    },
    {
      "published_at": "2024-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration 10.0.12",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.12"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration versions 10.0.x ant\u00e9rieures \u00e0 10.0.11",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration versions 10.1.x ant\u00e9rieures \u00e0 10.1.3",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [],
  "initial_release_date": "2024-11-13T00:00:00",
  "last_revision_date": "2024-11-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0969",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-11-13T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour des produits affect\u00e9s",
      "revision_date": "2024-11-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Synacor Zimbra Collaboration. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Synacor Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration 10.0.11",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.11"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration 10.1.3",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.3"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration versions 10.1.x ant\u00e9rieures \u00e0 10.1.2",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration versions 10.0.x ant\u00e9rieures \u00e0 10.0.10",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration versions ant\u00e9rieures \u00e0 9.0.0 Patch 42",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [],
  "initial_release_date": "2024-10-09T00:00:00",
  "last_revision_date": "2024-10-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0850",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Synacor Zimbra Collaboration. Elle permet \u00e0 un attaquant de provoquer une injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF).",
  "title": "Vuln\u00e9rabilit\u00e9 dans Synacor Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration",
      "url": "https://wiki.zimbra.com/index.php?title=Zimbra_Security_Advisories\u0026oldid=70713"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Daffodil versions ant\u00e9rieures \u00e0 10.1.1",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration Kepler versions ant\u00e9rieures \u00e0 9.0.0 Patch 41",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration Joule versions ant\u00e9rieures \u00e0 8.8.15 Patch 46",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration Daffodil versions ant\u00e9rieures \u00e0 10.0.9",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-45194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45194"
    },
    {
      "name": "CVE-2024-38356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38356"
    },
    {
      "name": "CVE-2024-45513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45513"
    },
    {
      "name": "CVE-2024-45511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45511"
    },
    {
      "name": "CVE-2024-45514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45514"
    },
    {
      "name": "CVE-2024-45512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45512"
    },
    {
      "name": "CVE-2024-45516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45516"
    },
    {
      "name": "CVE-2024-45519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45519"
    },
    {
      "name": "CVE-2024-45515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45515"
    },
    {
      "name": "CVE-2024-45518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45518"
    },
    {
      "name": "CVE-2024-45510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45510"
    },
    {
      "name": "CVE-2024-45517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45517"
    }
  ],
  "initial_release_date": "2024-09-05T00:00:00",
  "last_revision_date": "2024-09-05T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0742",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Synacor Zimbra Collaboration. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Synacor Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": "2024-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration 8.8.15",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46"
    },
    {
      "published_at": "2024-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration 10.0.9",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9"
    },
    {
      "published_at": "2024-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration 9.0.0",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41"
    },
    {
      "published_at": "2024-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration 10.1.1",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration versions ant\u00e9rieures \u00e0 10.1.0",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-4863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
    }
  ],
  "initial_release_date": "2024-07-17T00:00:00",
  "last_revision_date": "2024-07-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0592",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-07-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Synacor Zimbra Collaboration. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Synacor Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": "2024-07-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration",
      "url": "https://wiki.zimbra.com/index.php?title=Zimbra_Security_Advisories\u0026oldid=70519"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration versions 10.x ant\u00e9rieures \u00e0 10.0.8",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration versions 9.x ant\u00e9rieures \u00e0 9.0.0 Patch 40",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-21708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21708"
    },
    {
      "name": "CVE-2023-51764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51764"
    }
  ],
  "initial_release_date": "2024-04-22T00:00:00",
  "last_revision_date": "2024-04-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0341",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-04-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Synacor Zimbra\nCollaboration. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me\nde s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un contournement de la politique\nde s\u00e9curit\u00e9, une injection de code indirecte \u00e0 distance (XSS)\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Synacor Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor du 22 avril 2024",
      "url": "https://wiki.zimbra.com/index.php?title=Zimbra_Security_Advisories\u0026oldid=70396"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration Daffodil versions ant\u00e9rieures \u00e0 10.0.7",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration Kepler versions ant\u00e9rieures \u00e0 9.0.0 Patch 39",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-41741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41741"
    },
    {
      "name": "CVE-2022-41742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41742"
    },
    {
      "name": "CVE-2024-27443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27443"
    },
    {
      "name": "CVE-2024-27442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27442"
    }
  ],
  "initial_release_date": "2024-02-28T00:00:00",
  "last_revision_date": "2024-02-28T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0172",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-02-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zimbra\nCollaboration. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Zimbra  Collaboration",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra 9.0.0 du 28 f\u00e9vrier 2024",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra 10.0.7 du 28 f\u00e9vrier 2024",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration Daffodil versions ant\u00e9rieures \u00e0 10.0.6",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration Kepler versions ant\u00e9rieures \u00e0 9.0.0 Patch 38",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration Joule versions ant\u00e9rieures \u00e0 8.8.15 Patch 45",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-48432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48432"
    },
    {
      "name": "CVE-2023-50808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50808"
    },
    {
      "name": "CVE-2022-21449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21449"
    },
    {
      "name": "CVE-2023-21930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
    },
    {
      "name": "CVE-2022-21476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
    }
  ],
  "initial_release_date": "2023-12-18T00:00:00",
  "last_revision_date": "2023-12-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-1043",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-12-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zimbra\nCollaboration. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me\nde s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des\ndonn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra 9.0.0 du 18 d\u00e9cembre 2023",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P38"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra 10.0.6 du 18 d\u00e9cembre 2023",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.6"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra 8.8.15 du 18 d\u00e9cembre 2023",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P45"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration Joule versions ant\u00e9rieures \u00e0 8.8.15 Patch-44",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration Daffodil versions ant\u00e9rieures \u00e0 10.5",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration Kepler versions ant\u00e9rieures \u00e0 9.0.0 Patch-37",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-45206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45206"
    },
    {
      "name": "CVE-2007-1280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1280"
    },
    {
      "name": "CVE-2023-45207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45207"
    },
    {
      "name": "CVE-2020-7746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7746"
    }
  ],
  "initial_release_date": "2023-10-19T00:00:00",
  "last_revision_date": "2023-10-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0869",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zimbra \u003cspan\nid=\"Zimbra_Collaboration_Daffodil_10.0.5_Patch_Release\"\nclass=\"mw-headline\"\u003eCollaboration\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur et une injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra du 19 octobre 2023",
      "url": "https://blog.zimbra.com/2023/10/patch-for-zimbra-daffodil-10-0-5-9-0-0-patch-37-8-8-15-patch-44/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration Kepler versions ant\u00e9rieures \u00e0 9.0.0 Patch 36",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration Joule versions ant\u00e9rieures \u00e0 8.8.15 Patch 43",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration Daffodil versions ant\u00e9rieures \u00e0 10.0.4",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2023-09-14T00:00:00",
  "last_revision_date": "2023-09-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0744",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-09-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zimbra. Elles\npermettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0\ndistance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Zimbra",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra du 12 septembre 2023",
      "url": "https://blog.zimbra.com/2023/09/new-patch-for-zimbra-daffodil-10-0-4-9-0-0-patch-36-8-8-15-patch-43/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration Suite versions 10.x ant\u00e9rieures \u00e0 Daffodil 10.0.3",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration Suite versions 9.x ant\u00e9rieures \u00e0 9.0.0 Kepler Patch 35",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration Suite versions 8.x ant\u00e9rieures \u00e0 8.8.15 Joule Patch 42",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-41106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41106"
    }
  ],
  "initial_release_date": "2023-08-23T00:00:00",
  "last_revision_date": "2023-08-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0676",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-08-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Zimbra Collaboration Suite. Elle\npermet \u00e0 un attaquant de provoquer un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Zimbra Collaboration Suite",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra CVE-2023-41106 du 22 ao\u00fbt 2023",
      "url": "https://blog.zimbra.com/2023/08/zimbra-security-update/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration versions ant\u00e9rieures \u00e0 8.8.15 Joule Patch 41",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration versions ant\u00e9rieures \u00e0 10.0.2 Daffodil",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration versions ant\u00e9rieures \u00e0 9.0.0 Kepler Patch 34",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-0464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
    },
    {
      "name": "CVE-2023-38750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38750"
    },
    {
      "name": "CVE-2023-37580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37580"
    }
  ],
  "initial_release_date": "2023-07-26T00:00:00",
  "last_revision_date": "2023-07-26T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0592",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zimbra. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Zimbra",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra 8.8.15 P41 du 26 juillet 2023",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P41"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra 10.0.2 du 26 juillet 2023",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.2"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra 9.0.0 P34 du 26 juillet 2023",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P34"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration Suite versions ant\u00e9rieures \u00e0 8.8.15",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2023-07-13T00:00:00",
  "last_revision_date": "2023-07-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0546",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eZimbra\nCollaboration Suite\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Zimbra Collaboration Suite",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra 8.8.15 du 13 juillet 2023",
      "url": "https://blog.zimbra.com/2023/07/security-update-for-zimbra-collaboration-suite-version-8-8-15/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration (Kepler) 9.0.0 sans le correctif de s\u00e9curit\u00e9 Patch 33 GA",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration (Daffodil) versions 10.0.x ant\u00e9rieures \u00e0 10.0.1",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration (Joule) 8.8.15 sans le correctif de s\u00e9curit\u00e9 Patch 40 GA",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-34193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34193"
    },
    {
      "name": "CVE-2023-29381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29381"
    },
    {
      "name": "CVE-2023-29382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29382"
    },
    {
      "name": "CVE-2022-46364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
    },
    {
      "name": "CVE-2023-34192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34192"
    },
    {
      "name": "CVE-2022-22970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22970"
    },
    {
      "name": "CVE-2023-25690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25690"
    }
  ],
  "initial_release_date": "2023-05-30T00:00:00",
  "last_revision_date": "2023-05-30T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0418",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-05-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zimbra. Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un contournement de la politique de s\u00e9curit\u00e9 et\nune injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Zimbra",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra 10.0.1 du 30 mai 2023",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra 8.8.15 P40 du 30 mai 2023",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P40"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra 9.0.0 P33 du 30 mai 2023",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P33"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration versions 8.8.15 ant\u00e9rieures \u00e0 Joule 8.8.15 Patch 37 GA",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration versions 9.0.0 ant\u00e9rieures \u00e0 Kepler 9.0.0 Patch 30 GA",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2023-24030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24030"
    },
    {
      "name": "CVE-2018-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
    },
    {
      "name": "CVE-2023-24031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24031"
    },
    {
      "name": "CVE-2023-24032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24032"
    },
    {
      "name": "CVE-2023-26562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26562"
    }
  ],
  "initial_release_date": "2023-03-21T00:00:00",
  "last_revision_date": "2023-03-21T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0247",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zimbra. Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un contournement de la politique de s\u00e9curit\u00e9 et\nune injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Zimbra",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra du 21 mars 2023",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P37"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration Joule versions ant\u00e9rieures \u00e0 8.8.15 Patch 37",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration Kepler versions ant\u00e9rieures \u00e0 9.0.0 Patch 30",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2018-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
    }
  ],
  "initial_release_date": "2023-02-22T00:00:00",
  "last_revision_date": "2023-02-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0155",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-02-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zimbra\nCollaboration. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra 9.0.0 du 21 f\u00e9vrier 2023",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P30"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra 8.8.15 du 21 f\u00e9vrier 2023",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P37"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration versions 9.0.0 ant\u00e9rieures \u00e0 9.0.0 Patch 28",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration versions 8.8.15 ant\u00e9rieures \u00e0 8.8.15 Patch 35",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-20770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20770"
    },
    {
      "name": "CVE-2022-26377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26377"
    },
    {
      "name": "CVE-2022-20771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20771"
    }
  ],
  "initial_release_date": "2022-11-21T00:00:00",
  "last_revision_date": "2022-11-21T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-1042",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-11-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zimbra\nCollaboration. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une\nex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra du 21 novembre 2022",
      "url": "https://blog.zimbra.com/2022/11/new-zimbra-patches-9-0-0-patch-28-8-8-15-patch-35/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration versions 9.x ant\u00e9rieures \u00e0 9.0.0 Patch 27",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration versions 8.x ant\u00e9rieures \u00e0 8.8.15 Patch 34",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-41352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41352"
    },
    {
      "name": "CVE-2022-41348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41348"
    },
    {
      "name": "CVE-2022-41350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41350"
    },
    {
      "name": "CVE-2022-41351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41351"
    },
    {
      "name": "CVE-2022-37393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37393"
    },
    {
      "name": "CVE-2022-41349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41349"
    }
  ],
  "initial_release_date": "2022-10-12T00:00:00",
  "last_revision_date": "2022-10-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-902",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zimbra\nCollaboration. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et\nune injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra du 10 octobre 2022",
      "url": "https://blog.zimbra.com/2022/10/new-zimbra-patches-9-0-0-patch-27-8-8-15-patch-34/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration Joule versions ant\u00e9rieures \u00e0 8.8.15 Patch 31",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration Kepler versions ant\u00e9rieures \u00e0 9.0.0 Patch 24",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-27925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27925"
    },
    {
      "name": "CVE-2021-39275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
    },
    {
      "name": "CVE-2022-27924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27924"
    },
    {
      "name": "CVE-2022-27926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27926"
    },
    {
      "name": "CVE-2021-40438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
    },
    {
      "name": "CVE-2021-21702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21702"
    }
  ],
  "initial_release_date": "2022-03-31T00:00:00",
  "last_revision_date": "2022-03-31T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-291",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zimbra. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Zimbra",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra 8.8.15/P31 du 30 mars 2022",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P31"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra 9.0.0/P24 du 30 mars 2022",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration Suite 8.x",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "closed_at": "2024-01-02",
  "content": "## Solution\n\nL\u0027\u00e9diteur documente la proc\u00e9dure manuelle \u00e0 r\u00e9aliser pour corriger la\nvuln\u00e9rabilit\u00e9. \u003cspan style=\"text-decoration: underline;\"\u003eLe CERT-FR\nrecommande tr\u00e8s fortement d\u0027appliquer cette proc\u00e9dure sans\nd\u00e9lai.\u003c/span\u003e\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-37580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37580"
    }
  ],
  "initial_release_date": "2023-07-17T00:00:00",
  "last_revision_date": "2024-01-02T00:00:00",
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2023-AVI-0546 du 13 juillet",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0546/"
    },
    {
      "title": "[1] Avis de s\u00e9curit\u00e9 Zimbra 8.8.15 P41 du 26 juillet 2023",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P41"
    }
  ],
  "reference": "CERTFR-2023-ALE-007",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-17T00:00:00.000000"
    },
    {
      "description": "Confirmation des versions affect\u00e9es.",
      "revision_date": "2023-07-18T00:00:00.000000"
    },
    {
      "description": "Ajout du correctif de l\u0027\u00e9diteur",
      "revision_date": "2023-07-26T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2024-01-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "\u003cspan style=\"color: #ff0000;\"\u003e\u003cstrong\u003e\\[Mise \u00e0 jour du 26 juillet 2023\\]\nPublication du correctif de s\u00e9curit\u00e9 par l\u0027\u00e9diteur  \n\u003c/strong\u003e\u003c/span\u003e\n\n\u003cspan style=\"color: #ff0000;\"\u003eLe 26 juillet 2023, l\u0027\u00e9diteur a publi\u00e9 un\ncorrectif de s\u00e9curit\u00e9 \\[1\\] pour cette vuln\u00e9rabilit\u00e9 immatricul\u00e9e\nCVE-2023-37580. Il est donc fortement recommand\u00e9 de d\u00e9ployer le\ncorrectif P41 pour toutes les versions 8.8.15 du produit Zimbra\nCollaboration Suite.\u003c/span\u003e\n\nLe 13 juillet 2023, Zimbra a publi\u00e9 un avis de s\u00e9curit\u00e9 alertant de\nl\u0027existence d\u0027une vuln\u00e9rabilit\u00e9 affectant sa solution Collaboration\nSuite dans la version 8.8.15\n\nCette vuln\u00e9rabilit\u00e9 permet \u00e0 un attaquant de r\u00e9aliser une injection de\ncode indirecte (*XSS*) pour porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et\nla confidentialit\u00e9 des donn\u00e9es. Aucun identifiant CVE ne lui a \u00e9t\u00e9\nattribu\u00e9 au moment de la publication de la pr\u00e9sente alerte.\n\n\u003cspan style=\"text-decoration: underline;\"\u003eLe CERT-FR rappelle que les\nversions 8.x ant\u00e9rieures \u00e0 8.8.15 ne sont plus support\u00e9es\u003c/span\u003e. \\[Mise\n\u00e0 jour du 18 juillet 2023\\] L\u0027\u00e9diteur confirme que toutes les versions\n8.x sont affect\u00e9es.\n\nL\u0027\u00e9diteur indique que \u003cspan style=\"text-decoration: underline;\"\u003ecette\nvuln\u00e9rabilit\u00e9 est activement exploit\u00e9\u003c/span\u003ee alors qu\u0027une version\ncorrective n\u0027est pas disponible.\n",
  "title": "[M\u00e0J] Vuln\u00e9rabilit\u00e9 dans Zimbra Collaboration Suite",
  "vendor_advisories": [
    {
      "published_at": "2023-07-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra",
      "url": "https://blog.zimbra.com/2023/07/security-update-for-zimbra-collaboration-suite-version-8-8-15/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration Suite (ZCS) toutes versions utilisant cpio",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "closed_at": "2023-03-14",
  "content": "## Contournement provisoire\n\nL\u0027\u00e9diteur n\u0027a pas publi\u00e9 de correctif pour cette vuln\u00e9rabilit\u00e9.\nCependant, il est assez ais\u00e9 de s\u0027en pr\u00e9munir en installant l\u0027utilitaire\n*pax*, disponible *via* le paquet du m\u00eame nom, puis en red\u00e9marrant\nl\u0027application Zimbra (les commandes sont d\u00e9taill\u00e9es par l\u0027\u00e9diteur\n\\[1\\]).\n\n## D\u00e9tection\n\nLe CERT-FR recommande de r\u00e9aliser une analyse approfondie des journaux\nr\u00e9seau des serveurs Zimbra. Il est possible d\u0027obtenir la liste des\narchives au format .tar, .rpm ou .cpio qui ont \u00e9t\u00e9 t\u00e9l\u00e9vers\u00e9es *via* la\ncommande suivante :\n`cat /opt/zimbra/log/mailbox.log | grep -i -e \".*FileUploadServlet.*name=.*\\(.cpio\\|.tar\\|.rpm\\),\"`.\nCes archives devront ensuite \u00eatre analys\u00e9es pour tenter d\u0027identifier des\ntentatives d\u0027exploitation de la vuln\u00e9rabilit\u00e9. Cependant, un attaquant\npeut dissimuler ses traces dans le cas o\u00f9 il a r\u00e9alis\u00e9 une \u00e9l\u00e9vation de\nprivil\u00e8ge par le biais d\u0027une autre vuln\u00e9rabilit\u00e9.\n\nEn cas de suspicion de compromission, il est recommand\u00e9 de consulter les\n[bons r\u00e9flexes en cas d\u0027intrusion sur votre syst\u00e8me\nd\u0027information](/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/).\n\n\n## Solution\n\n\u003cspan style=\"color: #ff0000;\"\u003e\\[MaJ 12 octobre 2022\\]\u00a0\u003cspan\nstyle=\"color: #000000;\"\u003eSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur\npour l\u0027obtention des correctifs (cf. section\nDocumentation).\u003c/span\u003e\u003c/span\u003e\n\n",
  "cves": [
    {
      "name": "CVE-2022-37393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37393"
    },
    {
      "name": "CVE-2022-41352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41352"
    }
  ],
  "initial_release_date": "2022-10-07T00:00:00",
  "last_revision_date": "2023-03-14T00:00:00",
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2022-AVI-902 du 12 octobre 2022",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2022-AVI-902/"
    },
    {
      "title": "Bons r\u00e9flexes en cas d\u0027intrusion sur votre syst\u00e8me d\u0027information",
      "url": "https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra du 10 octobre 2022",
      "url": "https://blog.zimbra.com/2022/10/new-zimbra-patches-9-0-0-patch-27-8-8-15-patch-34/"
    }
  ],
  "reference": "CERTFR-2022-ALE-009",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-10-07T00:00:00.000000"
    },
    {
      "description": "Correctif disponible.",
      "revision_date": "2022-10-12T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2023-03-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "\u003cstrong\u003e\\[MaJ 12 octobre 2022\\]\u00a0\u003c/strong\u003eUn correctif est d\u00e9sormais disponible (cf.\nsection Documentation).\n\n\u003cstrong\u003e\\[Publication initiale\\]\u003c/strong\u003e\n\nLe 15 septembre 2022, l\u0027\u00e9diteur Zimbra a publi\u00e9 un avis de s\u00e9curit\u00e9\nmentionnant une vuln\u00e9rabilit\u00e9 dans l\u0027impl\u00e9mentation de *cpio* par son\nmoteur d\u0027antivirus (Amavis). L\u0027outil d\u0027extraction d\u0027archive *cpio* est\nutilis\u00e9 par Zimbra d\u00e8s lors que l\u0027utilitaire\u00a0*pax* n\u0027est pas install\u00e9*.*\nCette vuln\u00e9rabilit\u00e9 permet \u00e0 un attaquant non authentifi\u00e9 de t\u00e9l\u00e9verser\nou \u00e9craser un fichier sur le serveur. Par ce biais, l\u0027attaquant \u00e0 la\npossibilit\u00e9 de d\u00e9poser une porte d\u00e9rob\u00e9e afin de pouvoir ex\u00e9cuter du\ncode arbitraire \u00e0 distance sur la machine. En effet, si un attaquant\nenvoie un courriel contenant une archive pi\u00e9g\u00e9e avec le format .cpio,\n.rpm ou .tar \u00e0 une instance de Zimbra ne disposant pas de l\u0027utilitaire\n*pax*, alors, lors du processus d\u0027extraction par Amavis la vuln\u00e9rabilit\u00e9\nsera d\u00e9clench\u00e9e.\n\nLe 25 septembre, le NIST NVD attribue \u00e0 cette vuln\u00e9rabilit\u00e9\nl\u0027immatriculation CVE-2022-41352. Cette vuln\u00e9rabilit\u00e9 est simple \u00e0\nexploiter et pourrait \u00eatre combin\u00e9e avec une autre vuln\u00e9rabilit\u00e9 de type\n\u00e9l\u00e9vation de privil\u00e8ges, telle que la CVE-2022-37393, pour prendre le\ncontr\u00f4le total de la machine.\n\nLe CERT-FR a connaissance de cas d\u0027exploitation de cette vuln\u00e9rabilit\u00e9\net de codes d\u0027exploitation publiquement disponibles.\n",
  "title": "[MaJ] Vuln\u00e9rabilit\u00e9 dans Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": "2022-09-14",
      "title": "[1] Bulletin de s\u00e9curit\u00e9 Zimbra",
      "url": "https://blog.zimbra.com/2022/09/security-update-make-sure-to-install-pax-spax/"
    }
  ]
}