JVNDB-2008-000004

Zimbra Collaboration Suite script execution vulnerability

Overview

Zimbra Collaboration Suite, a web collaboration tool from Zimbra, Inc., contains a vulnerability that could allow a remote attacker to execute an arbitrary script on the user's web browser.

Zimbra Collaboration Suite is a web collaboration tool that provides calendar, address book, webmail, and other functions. Zimbra Collaboration Suite 4.0.3 and 4.5.6 contain a vulnerability that could allow a remote attacker to execute an arbitrary script on the user's web browser.

CVSS Severity

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products

Zimbra, Inc.
  • Zimbra Collaboration Suite 4.0.3
  • Zimbra Collaboration Suite 4.5.6

Impact

If a user opens a specially crafted image file attached to an email from a third party or contained in a document created by another Zimbra Collaboration Suite user, an arbitrary script could be executed on the user's web browser.

Solution

[Update the Software]

Update to the latest version according to the information provided by the vendor.

For more information, refer to the vendor's website.

Vendor Information

Zimbra, Inc.

CWE

  1. Cross-site Scripting (CWE-79) [NVD Evaluation]

CVE

  1. CVE-2008-1226

References

  1. JVN : JVN#95014590
  2. National Vulnerability Database (NVD) : CVE-2008-1226
  3. Secunia Advisory : SA29263
  4. SecurityFocus : 28134

Revision History

  • [2008/05/21]
      Web page published