Test ID: 1.3.6.1.4.1.25623.1.0.108067
Category: Web application abuses
Title: Zimbra < 8.7.0 Multiple Vulnerabilities
Summary: Zimbra is prone to multiple security vulnerabilities because it fails to sanitize user-supplied input.
Description:

Summary:
Zimbra is prone to multiple security vulnerabilities because it
fails to sanitize user-supplied input.

Vulnerability Impact:
An attacker may leverage this issue to execute arbitrary script
code in the browser of an unsuspecting user in the context of the affected site. This may allow
the attacker to steal cookie-based authentication credentials and launch other attacks.

Other attacks are also possible due to further, unspecified vulnerabilities.

Affected Software/OS:
Zimbra prior to version 8.7.0 GA.

Solution:
Update to version 8.7.0 GA or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2016-3999
BugTraq ID: 95921
http://www.securityfocus.com/bid/95921
Common Vulnerability Exposure (CVE) ID: CVE-2016-3401
BugTraq ID: 95860
http://www.securityfocus.com/bid/95860
Common Vulnerability Exposure (CVE) ID: CVE-2016-3402
BugTraq ID: 95887
http://www.securityfocus.com/bid/95887
Common Vulnerability Exposure (CVE) ID: CVE-2016-3404
BugTraq ID: 95894
http://www.securityfocus.com/bid/95894
Common Vulnerability Exposure (CVE) ID: CVE-2016-3407
BugTraq ID: 95897
http://www.securityfocus.com/bid/95897
Common Vulnerability Exposure (CVE) ID: CVE-2016-3408
BugTraq ID: 95923
http://www.securityfocus.com/bid/95923
Common Vulnerability Exposure (CVE) ID: CVE-2016-3409
BugTraq ID: 95896
http://www.securityfocus.com/bid/95896
Common Vulnerability Exposure (CVE) ID: CVE-2016-3410
BugTraq ID: 95900
http://www.securityfocus.com/bid/95900
Common Vulnerability Exposure (CVE) ID: CVE-2016-3411
BugTraq ID: 95901
http://www.securityfocus.com/bid/95901
https://www.exploit-db.com/exploits/45177/
Common Vulnerability Exposure (CVE) ID: CVE-2016-3412
BugTraq ID: 95899
http://www.securityfocus.com/bid/95899
Common Vulnerability Exposure (CVE) ID: CVE-2016-3413
BugTraq ID: 95895
http://www.securityfocus.com/bid/95895
Common Vulnerability Exposure (CVE) ID: CVE-2016-3415
BugTraq ID: 95917
http://www.securityfocus.com/bid/95917
Common Vulnerability Exposure (CVE) ID: CVE-2016-5721
BugTraq ID: 92682
http://www.securityfocus.com/bid/92682
Common Vulnerability Exposure (CVE) ID: CVE-2015-4852
BugTraq ID: 77539
http://www.securityfocus.com/bid/77539
https://www.exploit-db.com/exploits/42806/
https://www.exploit-db.com/exploits/46628/
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
http://packetstormsecurity.com/files/152268/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html
https://github.com/foxglovesec/JavaUnserializeExploits/blob/master/weblogic.py
http://www.openwall.com/lists/oss-security/2015/11/17/19
http://www.securitytracker.com/id/1038292
Copyright: Copyright (C) 2017 Greenbone Networks GmbH
