In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. This has been fixed in Zimbra Collaboration Suite Network edition 9.0.0 Patch 10 and 8.8.15 Patch 17.
References
Link | Resource |
---|---|
https://wiki.zimbra.com/wiki/Security_Center | Product |
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P17 | Release Notes Vendor Advisory |
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P10 | Third Party Advisory Vendor Advisory |
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
https://wiki.zimbra.com/wiki/Security_Center | Product |
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P17 | Release Notes Vendor Advisory |
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P10 | Third Party Advisory Vendor Advisory |
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:26
Type | Values Removed | Values Added |
---|---|---|
References | () https://wiki.zimbra.com/wiki/Security_Center - Product | |
References | () https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P17 - Release Notes, Vendor Advisory | |
References | () https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P10 - Third Party Advisory, Vendor Advisory | |
References | () https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories - Vendor Advisory |
Information
Published : 2020-12-17 04:15
Updated : 2024-11-21 05:26
NVD link : CVE-2020-35123
Mitre link : CVE-2020-35123
CVE.ORG link : CVE-2020-35123
JSON object : View
Products Affected
zimbra
- collaboration
CWE
CWE-611
Improper Restriction of XML External Entity Reference