Описание
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability.
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-9670
- https://bugzilla.zimbra.com/show_bug.cgi?id=109129
- https://isc.sans.edu/forums/diary/CVE20199670+Zimbra+Collaboration+Suite+XXE+vulnerability/27570
- https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-9670
- https://www.exploit-db.com/exploits/46693
- http://packetstormsecurity.com/files/152487/Zimbra-Collaboration-Autodiscover-Servlet-XXE-ProxyServlet-SSRF.html
- http://www.rapid7.com/db/modules/exploit/linux/http/zimbra_xxe_rce
Связанные уязвимости
CVSS3: 9.8
nvd
больше 6 лет назад
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.
CVSS3: 9.8
fstec
больше 6 лет назад
Уязвимость компонента mailboxd (Autodiscover/Autodiscover.xml) корпоративной системы управления электронной почтой Zimbra Collaboration Suite, позволяющая нарушителю осуществить XXE-атаку