In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. This has been fixed in Zimbra Collaboration Suite Network edition 9.0.0 Patch 10 and 8.8.15 Patch 17.
References
Link | Resource |
---|---|
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
https://wiki.zimbra.com/wiki/Security_Center | Product |
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P10 | Third Party Advisory Vendor Advisory |
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P17 | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2020-12-16 20:15
Updated : 2020-12-22 09:26
NVD link : CVE-2020-35123
Mitre link : CVE-2020-35123
JSON object : View
CWE
CWE-611
Improper Restriction of XML External Entity Reference
Products Affected
zimbra
- collaboration