Unrated severityNVD Advisory· Published Jul 2, 2021· Updated Aug 4, 2024
CVE-2021-34807
CVE-2021-34807
Description
An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL via isredirect=1&redirectURL= in conjunction with the token data (e.g., a valid authtoken= value).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Zimbra/Zimbra Collaboration Suitedescription
- Range: <=9.0
Patches
Vulnerability mechanics
References
4- wiki.zimbra.com/wiki/Security_Centermitrex_refsource_MISC
- wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23mitrex_refsource_MISC
- wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16mitrex_refsource_MISC
- wiki.zimbra.com/wiki/Zimbra_Security_Advisoriesmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.