NVD - CVE-2026-33372 (original) (raw)
Change History
5 change records found show changes
CVE Modified by CISA-ADP 6/17/2026 6:37:23 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | SSVC | {"timestamp":"2026-03-23T13:40:32.695928Z","id":"CVE-2026-33372","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"} |
CVE Modified by MITRE 6/17/2026 6:37:23 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Affected | [{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}] |
Initial Analysis by NIST 4/01/2026 11:32:50 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CPE Configuration | OR *cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:* versions from (including) 10.0.0 up to (excluding) 10.1.16 | |
| Added | Reference Type | MITRE: https://wiki.zimbra.com/wiki/Security\_Center Types: Release Notes, Vendor Advisory | |
| Added | Reference Type | MITRE: https://wiki.zimbra.com/wiki/Zimbra\_Releases/10.1.16#Security\_Fixes Types: Release Notes | |
| Added | Reference Type | MITRE: https://wiki.zimbra.com/wiki/Zimbra\_Responsible\_Disclosure\_Policy Types: Product | |
| Added | Reference Type | MITRE: https://wiki.zimbra.com/wiki/Zimbra\_Security\_Advisories Types: Vendor Advisory |
CVE Modified by CISA-ADP 3/23/2026 10:16:34 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CVSS V3.1 | AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | |
| Added | CWE | CWE-352 |
New CVE Received from MITRE 3/20/2026 10:16:16 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A cross-site request forgery (CSRF) vulnerability exists in Zimbra Webmail due to improper validation of CSRF tokens. The application accepts CSRF tokens supplied within the request body instead of requiring them through the expected request header. An attacker can exploit this issue by tricking an authenticated user into submitting a crafted request. This may allow unauthorized actions to be performed on behalf of the victim. | |
| Added | Reference | https://wiki.zimbra.com/wiki/Security\_Center | |
| Added | Reference | https://wiki.zimbra.com/wiki/Zimbra\_Releases/10.1.16#Security\_Fixes | |
| Added | Reference | https://wiki.zimbra.com/wiki/Zimbra\_Responsible\_Disclosure\_Policy | |
| Added | Reference | https://wiki.zimbra.com/wiki/Zimbra\_Security\_Advisories |