AI description
CVE-2025-27915 is a stored cross-site scripting (XSS) vulnerability found in Zimbra Collaboration Suite (ZCS) versions 9.0, 10.0, and 10.1. The vulnerability exists in the Classic Web Client due to inadequate sanitization of HTML content within ICS (iCalendar) files. When a user views an email containing a malicious ICS entry, embedded JavaScript code can execute through an `ontoggle` event within a `<details>` tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions like setting email filters to redirect messages or data exfiltration. In one instance, attackers spoofed the Libyan Navy to target the Brazilian military, using malicious ICS files to steal credentials, emails, contacts, and shared folders.
- Description
- An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a <details> tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration.
- Source
- cve@mitre.org
- NVD status
- Modified
- Products
- collaboration
CVSS 3.1
- Type
- Secondary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Data from CISA
- Vulnerability name
- Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
- Exploit added on
- Oct 7, 2025
- Exploit action due
- Oct 28, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-79
- Hype score
- Not currently trending
⚠️ XSS in Zimbra (CVE-2025-27915) lets JS run via an email with a malicious .ics — exploit published Sep 30; used in the wild vs Brazil’s military before Jan 27 patch. #Zimbra #StrikeReadyLabs ➡️ https://t.co/tJTVdqpKe2 https://t.co/s3YiDVeQUv
@leonov_av
26 Oct 2025
81 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
💥 El CVE-2025-27915 ha puesto a Zimbra bajo ataque. Miles de empresas están en riesgo por una vulnerabilidad crítica. 🔐 Aprende cómo proteger tu sistema antes de que sea tarde: actualiza, refuerza y monitoriza. 👉 Mantente informado y lleva tu seguridad al siguiente ni
@MMarcoSeguridad
23 Oct 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-27915
@transilienceai
19 Oct 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚔️ Hackers atacaron al ejército de #Brasil explotando una falla crítica en #Zimbra (CVE-2025-27915) mediante archivos ICS maliciosos 📷El fallo permitió ejecutar código oculto y robar correos y credenciales. 🔗 https://t.co/DcDURQOby2 https://t.co/skbEbedKhC
@ojo_cibernetico
18 Oct 2025
118 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚔️ Hackers atacaron al ejército de #Brasil explotando una falla crítica en #Zimbra (CVE-2025-27915) mediante archivos ICS maliciosos 📅💻 El fallo permitió ejecutar código oculto y robar correos y credenciales. 🔗 https://t.co/jhoqF7Lq99 https://t.co/hehwOHh71k
@ojo_cibernetico
18 Oct 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 El ataque a Zimbra (CVE-2025-27915) nos deja una lección clara: nadie está a salvo si no actualiza a tiempo. 🔧 Los fallos en correo empresarial son una de las puertas más usadas por los atacantes. 👉 Mantén tus sistemas al día y protege tus datos. 💬 ¿Tu empres
@MMarcoSeguridad
16 Oct 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Attackers Exploit Zimbra Zero-Day via ICS Calendar File https://t.co/d2s9wRlT7m A state-linked actor masquerading as the Libyan Navy delivered a malicious ICS file exploiting an XSS flaw (CVE-2025-27915) in Zimbra’s web client to steal credentials, emails, manipulate
@Huntio
13 Oct 2025
3059 Impressions
11 Retweets
27 Likes
8 Bookmarks
0 Replies
0 Quotes
زيمبرا — استـ ـغلال CVE-2025-27915 يستـ ـهدف الجيش البرازيلي التفاصيل .. https://t.co/1np05Ei4nE #مركز_الأمن_السيبراني_للابحاث_والدراسات https://t.co/8lriD7uV1r
@ccforrs
12 Oct 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Cyber Threat Digest – 2025-10-09 KEV: CVE-2025-27915 — Synacor Zimbra Collaboration Suite NVD: CVE-2025-11476 — vulnerability was identified in News: Azure outage blocks access to Microsoft… #cybersecurity #infosec #CVE More: https://t.co/J1fpKfnDnv
@dpharristech
9 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Una vulnerabilidad Zero-Day pone en riesgo a Zimbra: CVE-2025-27915 https://t.co/LUZYJrfInr #Internet #Noticia #Tecnología #CiberSeguridad #web #Vulnerabilidad vía @unaaldia https://t.co/nwwnijYIhJ
@Securizame
9 Oct 2025
266 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
New Post: Vulnerabilidad Zero-Day pone en riesgo a Zimbra | CVE-2025-27915 https://t.co/DuPMELFNbs
@hualkana
8 Oct 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Zimbra bajo ataque #ZeroDay (CVE-2025-27915) — se están robando correos y datos en empresas de todo el mundo. Si usas Zimbra, parchea YA y revisa 💼 En @MMarcoSeguridad y @Ciberseguridad24h ayudamos a prevenir ataques y cumplir el #RGPD. 🌐 https://t.co/liiwnqVm89 h
@MMarcoSeguridad
8 Oct 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Cyber Threat Digest – 2025-10-08 KEV: CVE-2025-27915 — Synacor Zimbra Collaboration Suite NVD: CVE-2021-22291 — Improper Neutralization of Input News: Salesforce refuses to pay ransom over… #cybersecurity #infosec #CVE More: https://t.co/J1fpKfnDnv
@dpharristech
8 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼ #Zimbra: rilevato lo sfruttamento attivo in rete della vulnerabilità CVE-2025-27915 - già sanata dal vendor – relativa a #ZCS (Zimbra Collaboration Suite) Rischio: 🟠 🔗 https://t.co/u4OCBze842 ⚠ Importante aggiornare i prodotti interess… https://t.co
@Vulcanux_
8 Oct 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-27915 #Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability https://t.co/S6C2XShLlb
@ScyScan
7 Oct 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
هجوم إلكتروني يستهدف مستخدمي Zimbra عبر ملفات التقويم! يستغل المهاجمون ثغرة يوم الصفر (CVE-2025-27915) في نظام Zimbra من خلال ملفات iCalendar (.ICS) تحتوي على تعليمات JavaScript خ
@ChbibAnas
7 Oct 2025
13 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Synacor Zimbra Collaboration Suite vulnerability CVE-2025-27915 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/f3UouEQBA3
@CISACyber
7 Oct 2025
3677 Impressions
9 Retweets
18 Likes
2 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilidad en Zimbra ❗CVE-2025-27915 ➡️Más info: https://t.co/2Jq833GNf8 https://t.co/NGdajzhVql
@CERTpy
7 Oct 2025
106 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔓 تم استغلال ثغرة Zero-Day في Zimbra (CVE-2025-27915) لاستهداف البرازيل عبر ملفات ICS خبيثة، تُنفّذ تعليمات جافاسكريبت ضمن جلسات البريد الإلكتروني. #Zimbra #ThreatIntel #أمن_معل
@f16roo
6 Oct 2025
6 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
💥 hackers broke Zimbra Collaboration SuiteUsing Zero-Day Vulnerability Cve-2025-27915 through files Icalendar (.ICS). This allowed them introduce harmful javascript, steal letters, logins, contacts and transfer data to third -party addresses. Company Strikeready discovered an
@Hack_Your_Mom
6 Oct 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CORTEX Protocol Alert: Zimbra zero-day (CVE-2025-27915) exploited via weaponized iCalendar files. Attackers hijack sessions + steal emails. Patch immediately. CORTEX: revoke sessions, block .ICS, audit rules. https://t.co/gSEqw07Yth
@the_c_protocol
6 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#exploit #AppSec #Threat_Research 1⃣ Zimbra Exploit Analysis (CVE-2025-27915) https://t.co/8ovnzHtvXB // These exploits take advantage of .ics files to breach vulnerable systems 2⃣ Notepad++ DLL Hijacking (CVE-2025-56383) https://t.co/RGih3h81ws // If the threat actor has t
@ksg93rd
6 Oct 2025
45 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A security vulnerability, identified as CVE-2025-27915, was discovered in the Zimbra Collaboration Suite (ZCS) and exploited in zero-day attacks in January 2025. This flaw stemmed from insufficient sanitization of HTML content in iCalendar (.ICS) files. The zero-day https://t.co/
@CTIAcademy
6 Oct 2025
207 Impressions
2 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Zimbra zero-day (CVE-2025-27915) exploited Brazilian military via malicious ICS files (XSS). Patch released! 🛡️ https://t.co/Re1lUypbC7 #Zimbra #ZeroDay #CyberSecurity #BrazilianMilitary #XSS
@0xT3chn0m4nc3r
6 Oct 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 تم استغلال ثغرة أمنية في Zimbra Collaboration لشن هجمات إلكترونية على الجيش البرازيلي باستخدام ملفات ICS خبيثة. تم تصنيف الثغرة، CVE-2025-27915، على أنها XSS مخزنة نتيجة
@Cybercachear
6 Oct 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A “harmless” ICS calendar file exploited Zimbra’s XSS zero-day flaw (CVE-2025-27915) — turning an invite into a full data stealer. Target: Brazil’s military. The script waited 72 hours before exfiltrating credentials. Read → https://t.co/cMtaf1a8lN
@TheHackersNews
6 Oct 2025
16316 Impressions
45 Retweets
110 Likes
32 Bookmarks
5 Replies
2 Quotes
Zimbraの脆弱性CVE-2025-27915がゼロデイ攻撃に悪用される https://t.co/rWHBqFKQsv #Security #セキュリティー #ニュース
@SecureShield_
6 Oct 2025
89 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Zero-day flaw CVE-2025-27915 in Zimbra Collaboration Suite exploited via malicious iCalendar files enables JavaScript payload delivery, targeting military orgs. Attribution hints at Russian and Belarusian groups. #ZimbraFlaw #ICSattack #Belarus https://t.co/K9a9G9cDeo
@TweetThreatNews
5 Oct 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Zimbra Collaboration Suite has patched critical vulnerabilities, including XSS, SQLi, and SSRF. Important to apply updates to maintain security. CVE-2025-27915, CVE-2025-25064, CVE-2025-25065. 🔒 #Zimbra #DataProtection #USA link: https://t.co/fFVt5BVFdz https://t.co/zjX96qTX5y
@TweetThreatNews
20 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4C6FE250-3D65-4EE0-B8B3-09466C31021D",
"versionEndExcluding": "10.0.13",
"versionStartIncluding": "10.0.0"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B7A59D9D-6B4E-4A2B-B3F7-9386C3972A53",
"versionEndExcluding": "10.1.5",
"versionStartIncluding": "10.1.0"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "685D9652-2934-4C13-8B36-40582C79BFC1"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5E4DF01A-1AA9-47E8-82FD-65A02ECA1376"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BDE59185-B917-4A81-8DE4-C65A079F52FE"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BA3ED95F-95F2-4676-8EAF-B4B9EB64B260"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4BB93336-CC3C-4B7F-B194-7DED036ABBAF"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "876F1675-F65C-4E86-ADBD-36EB8D8A997D"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2306F526-9C56-4A57-AA9B-02F2D6058C97"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F9EA2A61-67AA-4B7E-BC6E-80EB1363EF85"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C77A35B7-96F6-43A7-A747-C6AEEDE961E1"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p16:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DC35882B-E709-42D8-8800-F1B734CEAFC3"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B7A47276-F241-4A68-9458-E1481EBDC5E6"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "12D0D469-6C9B-4B66-9581-DC319773238A"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p20:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40629BEB-DF4B-4FB8-8D3D-7BAC43C90766"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p21:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9503131F-CC23-4545-AE9C-9714B287CC25"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p24:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8113A4E3-AA96-4382-815D-6FD88BA42EC5"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DC8C28E0-6C51-41EE-A7B2-DB185D1D8FD0"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BC19F11D-23D9-429D-A957-D67F23A40A01"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AAFA2EE7-C965-4F27-8CAE-E607A9F202AD"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p28:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "511B2BB8-6070-44AA-8800-963DBCBAF0EA"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p29:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49BBB2B4-571D-46B1-8569-12A65D0DF3D2"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C52705E6-2C6B-47BC-A0CD-F6AAE0BFC302"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p30:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FD1DCE2B-D944-43AE-AD0E-9282DE6D618F"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p31:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2079B9F8-128B-487D-A965-E8B37FDF6304"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p32:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9679FD62-815E-47A8-8552-D28CE48B82B2"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p33:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D659AE6A-591E-4D5B-9781-9648250F5576"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p34:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E4054E3E-561C-4B1C-A615-3CCE5CB69D77"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p35:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4FA0E9C4-25E4-4CD6-B88A-02B413385866"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p36:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D6F7CA3-C36A-466C-8FAD-D0B3CEF01F0E"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p37:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9684AC81-B557-4292-8402-AE55CB2E613C"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p38:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "32A352C4-0E9C-436F-ADA7-D93492A18037"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p39:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ABCA8698-AB88-4A6D-BD2B-DB22AEED6536"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33F50D8C-7027-4A8D-8E95-98C224283772"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p40:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CEE1CBDD-F205-4EA7-9E8B-5527BC134C74"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p41:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "101B7CC5-A583-44F2-AA4B-C055CBD8D86B"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p42:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8944F361-509A-4CCC-90AE-50B203EBFE97"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p43:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BAE8926F-C6E3-49F9-B46D-DE6CD2AB9D95"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82000BA4-1781-4312-A7BD-92EC94D137AE"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4B52D301-2559-457A-8FFB-F0915299355A"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7215AE2C-8A33-4AB9-88D5-7C8CD11E806C"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8D859F77-8E39-4D46-BC90-C5C1D805A666"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CDC810C7-45DA-4BDF-9138-2D3B2750243E"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E09D95A4-764D-4E0B-8605-1D94FD548AB2"
}
],
"operator": "OR"
}
]
}
]