CVE-2019-6980

CRITICAL

Synacor Zimbra Collaboration Suite <8.9 - Deserialization

Title source: llm

Description

Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component.

References (2)

[Issue Tracking, Third Party Advisory] https://bugzilla.zimbra.com/show_bug.cgi?id=109097

[Vendor Advisory] https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

Scores

CVSS v3 9.8

EPSS 0.4085

EPSS Percentile 97.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (25)

synacor/zimbra_collaboration_suite < 8.7.11

synacor/zimbra_collaboration_suite

synacor/zimbra_collaboration_suite

synacor/zimbra_collaboration_suite

synacor/zimbra_collaboration_suite

synacor/zimbra_collaboration_suite

synacor/zimbra_collaboration_suite

synacor/zimbra_collaboration_suite

synacor/zimbra_collaboration_suite

synacor/zimbra_collaboration_suite

synacor/zimbra_collaboration_suite

synacor/zimbra_collaboration_suite

synacor/zimbra_collaboration_suite

synacor/zimbra_collaboration_suite

synacor/zimbra_collaboration_suite

... and 10 more

Timeline

Published May 29, 2019

Tracked Since Feb 18, 2026