[11] The Zimbra Web Client is a full-featured collaboration suite that supports email and group calendars.

At one time it featured document-sharing using an Ajax web interface that enabled tool tips, drag-and-drop items, and right-click menus in the UI.

Also included are advanced searching capabilities and date relations, online document authoring, "Zimlet" mashups, and a full administration UI.

It includes technology from ClamAV, SpamAssassin and DSPAM for anti-malware features and S/MIME for email signing and encryption.

[9] In 2024, Zimbra was hit by a significant cyber attack[15] due to a Remote Code Execution (RCE) vulnerability, labeled CVE-2024-45519.

The flaw in Zimbra’s postjournal service allowed attackers to send specially crafted emails, enabling remote command execution on affected systems.

While the postjournal service isn’t active by default, its use in many setups made Zimbra an attractive target, especially since some instances lacked up-to-date security patches.