Zimbra Collaboration Hardcoded Flickr API Credentials Vulnerability

Vulnerability

A vulnerability exists in Zimbra Collaboration (ZCS) versions 10.0 and 10.1 due to hardcoded Flickr API credentials in the publicly accessible Flickr Zimlet. Because the credentials are embedded directly in the Zimlet, anyone able to fetch it can retrieve them and use them to initiate OAuth flows that appear to come from the legitimate application, gaining unauthorized access to users' Flickr data. The credentials have since been removed from the Zimlet and the associated API key has been revoked.

Impact

Exploitation allows unauthorized access to users' Flickr data via misused OAuth flows, impersonating the legitimate application.

Remediation

Upgrade to ZCS version 10.1.13 or 10.0.18; both releases remove the hardcoded Flickr API credentials from the Flickr Zimlet.

Added: Dec 15, 2025, 8:18 PM
Updated: Dec 15, 2025, 9:48 PM

Vulnerability Rating

Custom Algorithm

spread:         3.4
impact:         2.5
exploitability: 7.6
remediation:    7.7
relevance:      1.6
threat:         0.0
urgency:        2.9
incentive:      5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.