Published: 29/05/2019 Updated: 30/05/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Zimbra could allow a remote authenticated malicious user to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by the chat component. By sending a specially-crafted XML request to mailbox. A remote attacker could exploit this vulnerability to obtain sensitive information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
synacor zimbra collaboration suite
synacor zimbra collaboration suite 8.7.11
synacor zimbra collaboration suite 8.8.9
synacor zimbra collaboration suite 8.8.10
synacor zimbra collaboration suite 8.8.11

CWE-611 https://bugzilla.zimbra.com/show_bug.cgi?id=109093 https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://nvd.nist.gov https://exchange.xforce.ibmcloud.com/vulnerabilities/161913

CVE-2018-20160

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vulnerability Trend

References