Added additional validations for 2FA login.

Added additional validations for 2FA login.

Severity

10

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

07/06/2023

Created

01/16/2025

Added

01/10/2025

Modified

01/20/2025

Description

An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters.

Solution(s)

• zimbra-collaboration-upgrade-latest

References

• https://attackerkb.com/topics/cve-2023-29381
• CVE - 2023-29381
• https://wiki.zimbra.com/wiki/Security_Center
• https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy