mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSynacor Zimbra Collaboration Suite
APPSynacor8.7.118.7.0 – 8.7.11 (bez)
CISA KEV — szczegółyi
- Dostawcai
- Synacor
- Produkti
- Zimbra Collaboration Suite (ZCS)
- Data dodania do KEVi
- 10 stycznia 2022
- Termin remediation (USA)i
- 10 lipca 2022(po terminie)
Zastosuj aktualizacje zgodnie z instrukcjami producenta.
▸ Pokaż oryginał (EN)
Apply updates per vendor instructions.
Synacor Zimbra Collaboration Suite (ZCS) zawiera lukę XXE (improper restriction of XML external entity) w komponencie mailboxd.
▸ Pokaż oryginał (EN)
Synacor Zimbra Collaboration Suite (ZCS) contains an improper restriction of XML external entity (XXE) vulnerability in the mailboxd component.
Powiązane podatności
RCE w usłudze postjournal Zimbra Collaboration Suite — command injection bez uwierzytelnienia
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute ar...
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files t...
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and e...
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet J...