CVE-2021-34807

Source
https://cve.org/CVERecord?id=CVE-2021-34807
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-34807.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-34807
Published
2021-07-02T19:15:08.330Z
Modified
2026-07-08T05:57:10.090347516Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL via isredirect=1&redirectURL= in conjunction with the token data (e.g., a valid authtoken= value).

Database specific
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "8.8.15-p10"
                },
                {
                    "last_affected": "8.8.15-p10"
                },
                {
                    "introduced": "8.8.15-p12"
                },
                {
                    "last_affected": "8.8.15-p12"
                },
                {
                    "introduced": "8.8.15-p13"
                },
                {
                    "last_affected": "8.8.15-p13"
                },
                {
                    "introduced": "8.8.15-p14"
                },
                {
                    "last_affected": "8.8.15-p14"
                },
                {
                    "introduced": "8.8.15-p15"
                },
                {
                    "last_affected": "8.8.15-p15"
                },
                {
                    "introduced": "8.8.15-p16"
                },
                {
                    "last_affected": "8.8.15-p16"
                },
                {
                    "introduced": "8.8.15-p17"
                },
                {
                    "last_affected": "8.8.15-p17"
                },
                {
                    "introduced": "8.8.15-p18"
                },
                {
                    "last_affected": "8.8.15-p18"
                },
                {
                    "introduced": "8.8.15-p19"
                },
                {
                    "last_affected": "8.8.15-p19"
                },
                {
                    "introduced": "8.8.15-p2"
                },
                {
                    "last_affected": "8.8.15-p2"
                },
                {
                    "introduced": "8.8.15-p21"
                },
                {
                    "last_affected": "8.8.15-p21"
                },
                {
                    "introduced": "8.8.15-p22"
                },
                {
                    "last_affected": "8.8.15-p22"
                },
                {
                    "introduced": "8.8.15-p4"
                },
                {
                    "last_affected": "8.8.15-p4"
                },
                {
                    "introduced": "8.8.15-p6"
                },
                {
                    "last_affected": "8.8.15-p6"
                },
                {
                    "introduced": "8.8.15-p7"
                },
                {
                    "last_affected": "8.8.15-p7"
                },
                {
                    "introduced": "8.8.15-p8"
                },
                {
                    "last_affected": "8.8.15-p8"
                },
                {
                    "introduced": "8.8.15-p9"
                },
                {
                    "last_affected": "8.8.15-p9"
                },
                {
                    "introduced": "9.0.0-p10"
                },
                {
                    "last_affected": "9.0.0-p10"
                },
                {
                    "introduced": "9.0.0-p11"
                },
                {
                    "last_affected": "9.0.0-p11"
                },
                {
                    "introduced": "9.0.0-p12"
                },
                {
                    "last_affected": "9.0.0-p12"
                },
                {
                    "introduced": "9.0.0-p13"
                },
                {
                    "last_affected": "9.0.0-p13"
                },
                {
                    "introduced": "9.0.0-p14"
                },
                {
                    "last_affected": "9.0.0-p14"
                },
                {
                    "introduced": "9.0.0-p15"
                },
                {
                    "last_affected": "9.0.0-p15"
                },
                {
                    "introduced": "9.0.0-p2"
                },
                {
                    "last_affected": "9.0.0-p2"
                },
                {
                    "introduced": "9.0.0-p3"
                },
                {
                    "last_affected": "9.0.0-p3"
                },
                {
                    "introduced": "9.0.0-p5"
                },
                {
                    "last_affected": "9.0.0-p5"
                },
                {
                    "introduced": "9.0.0-p6"
                },
                {
                    "last_affected": "9.0.0-p6"
                },
                {
                    "introduced": "9.0.0-p8"
                },
                {
                    "last_affected": "9.0.0-p8"
                },
                {
                    "introduced": "9.0.0-p9"
                },
                {
                    "last_affected": "9.0.0-p9"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "zimbra:collaboration",
            "cpes": [
                "cpe:2.3:a:zimbra:collaboration:8.8.15:p10:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:8.8.15:p12:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:8.8.15:p13:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:8.8.15:p14:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:8.8.15:p15:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:8.8.15:p16:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:8.8.15:p17:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:8.8.15:p18:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:8.8.15:p19:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:8.8.15:p21:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:8.8.15:p22:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:8.8.15:p2:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:8.8.15:p4:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:8.8.15:p6:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:8.8.15:p7:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:8.8.15:p8:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:8.8.15:p9:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:*",
                "cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:*"
            ]
        }
    ]
}
References

Affected packages

Git / github.com/zimbra/zm-build

Affected ranges

Type
GIT
Repo
https://github.com/zimbra/zm-build
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Last affected
Database specific
{
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "cpe": [
        "cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*",
        "cpe:2.3:a:zimbra:collaboration:8.8.15:p1:*:*:*:*:*:*",
        "cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*",
        "cpe:2.3:a:zimbra:collaboration:8.8.15:p20:*:*:*:*:*:*",
        "cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*",
        "cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*",
        "cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*",
        "cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*",
        "cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "8.8.15"
        },
        {
            "introduced": "8.8.15-NA"
        },
        {
            "last_affected": "8.8.15-NA"
        },
        {
            "introduced": "8.8.15-p1"
        },
        {
            "last_affected": "8.8.15-p1"
        },
        {
            "introduced": "8.8.15-p11"
        },
        {
            "last_affected": "8.8.15-p11"
        },
        {
            "introduced": "8.8.15-p20"
        },
        {
            "last_affected": "8.8.15-p20"
        },
        {
            "introduced": "8.8.15-p3"
        },
        {
            "last_affected": "8.8.15-p3"
        },
        {
            "introduced": "8.8.15-p5"
        },
        {
            "last_affected": "8.8.15-p5"
        },
        {
            "introduced": "9.0.0-NA"
        },
        {
            "last_affected": "9.0.0-NA"
        },
        {
            "introduced": "9.0.0-p1"
        },
        {
            "last_affected": "9.0.0-p1"
        },
        {
            "introduced": "9.0.0-p4"
        },
        {
            "last_affected": "9.0.0-p4"
        },
        {
            "introduced": "9.0.0-p7"
        },
        {
            "last_affected": "9.0.0-p7"
        }
    ]
}

Affected versions

8.*
8.7.10
8.7.11
8.7.6
8.7.7
8.7.9
8.8.0.beta1
8.8.10
8.8.12
8.8.15-NA
8.8.15-p1
8.8.15-p20
8.8.15-p3
8.8.15-p5
8.8.2
8.8.3
8.8.4
8.8.6
8.8.7
8.8.8
8.8.9
8.8.9.p1
8.8.9.p3
9.*
9.0.0
9.0.0-NA
9.0.0-p1
9.0.0-p4
9.0.0-p7
9.0.0.p4
9.0.0.p7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-34807.json"