ID CVE-2019-9670
Description mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability.
CVSS
  • Score: 7.5
  • Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
CWE-ID CWE-611
Last Modified May 31, 2019
Available Solutions Apply upgrade of Zimbra Collaboration Suite 8.7.x to at least version 8.7.11p10

CPE-ID

Application Name/CPE-IDVendorProductVersionList of Vulnerabilities
Synacor Zimbra_collaboration_suite 8.7.0 synacor zimbra collaboration suite 8.7.0 9 Vulnerabilties for Synacor Zimbra_collaboration_suite 8.7.0
Synacor Zimbra_collaboration_suite 8.7.1 synacor zimbra collaboration suite 8.7.1 10 Vulnerabilties for Synacor Zimbra_collaboration_suite 8.7.1
Synacor Zimbra_collaboration_suite 8.7.10 synacor zimbra collaboration suite 8.7.10 9 Vulnerabilties for Synacor Zimbra_collaboration_suite 8.7.10
Synacor Zimbra_collaboration_suite 8.7.11 synacor zimbra collaboration suite 8.7.11 9 Vulnerabilties for Synacor Zimbra_collaboration_suite 8.7.11
Synacor Zimbra_collaboration_suite 8.7.11 p1 synacor zimbra collaboration suite 8.7.11 p1 7 Vulnerabilties for Synacor Zimbra_collaboration_suite 8.7.11 p1
Synacor Zimbra_collaboration_suite 8.7.11 p2 synacor zimbra collaboration suite 8.7.11 p2 7 Vulnerabilties for Synacor Zimbra_collaboration_suite 8.7.11 p2
Synacor Zimbra_collaboration_suite 8.7.11 p3 synacor zimbra collaboration suite 8.7.11 p3 7 Vulnerabilties for Synacor Zimbra_collaboration_suite 8.7.11 p3
Synacor Zimbra_collaboration_suite 8.7.11 p4 synacor zimbra collaboration suite 8.7.11 p4 7 Vulnerabilties for Synacor Zimbra_collaboration_suite 8.7.11 p4
Synacor Zimbra_collaboration_suite 8.7.11 p5 synacor zimbra collaboration suite 8.7.11 p5 7 Vulnerabilties for Synacor Zimbra_collaboration_suite 8.7.11 p5
Synacor Zimbra_collaboration_suite 8.7.11 p6 synacor zimbra collaboration suite 8.7.11 p6 6 Vulnerabilties for Synacor Zimbra_collaboration_suite 8.7.11 p6
Synacor Zimbra_collaboration_suite 8.7.11 p7 synacor zimbra collaboration suite 8.7.11 p7 4 Vulnerabilties for Synacor Zimbra_collaboration_suite 8.7.11 p7
Synacor Zimbra_collaboration_suite 8.7.11 p8 synacor zimbra collaboration suite 8.7.11 p8 4 Vulnerabilties for Synacor Zimbra_collaboration_suite 8.7.11 p8
Synacor Zimbra_collaboration_suite 8.7.11 p9 synacor zimbra collaboration suite 8.7.11 p9 3 Vulnerabilties for Synacor Zimbra_collaboration_suite 8.7.11 p9
Synacor Zimbra_collaboration_suite 8.7.2 synacor zimbra collaboration suite 8.7.2 9 Vulnerabilties for Synacor Zimbra_collaboration_suite 8.7.2
Synacor Zimbra_collaboration_suite 8.7.3 synacor zimbra collaboration suite 8.7.3 9 Vulnerabilties for Synacor Zimbra_collaboration_suite 8.7.3
Synacor Zimbra_collaboration_suite 8.7.4 synacor zimbra collaboration suite 8.7.4 9 Vulnerabilties for Synacor Zimbra_collaboration_suite 8.7.4
Synacor Zimbra_collaboration_suite 8.7.5 synacor zimbra collaboration suite 8.7.5 9 Vulnerabilties for Synacor Zimbra_collaboration_suite 8.7.5
Synacor Zimbra_collaboration_suite 8.7.6 synacor zimbra collaboration suite 8.7.6 9 Vulnerabilties for Synacor Zimbra_collaboration_suite 8.7.6
Synacor Zimbra_collaboration_suite 8.7.7 synacor zimbra collaboration suite 8.7.7 9 Vulnerabilties for Synacor Zimbra_collaboration_suite 8.7.7
Synacor Zimbra_collaboration_suite 8.7.8 synacor zimbra collaboration suite 8.7.8 9 Vulnerabilties for Synacor Zimbra_collaboration_suite 8.7.8
Synacor Zimbra_collaboration_suite 8.7.9 synacor zimbra collaboration suite 8.7.9 9 Vulnerabilties for Synacor Zimbra_collaboration_suite 8.7.9
Similar vulnerabilities

Pre-Condition

<set operator="and">
  <set operator="or">
      <prop key="application" value="cpe:/a:synacor:zimbra_collaboration_suite:8.7.0"/>
      <prop key="application" value="cpe:/a:synacor:zimbra_collaboration_suite:8.7.1"/>
      <prop key="application" value="cpe:/a:synacor:zimbra_collaboration_suite:8.7.2"/>
      <prop key="application" value="cpe:/a:synacor:zimbra_collaboration_suite:8.7.3"/>
      <prop key="application" value="cpe:/a:synacor:zimbra_collaboration_suite:8.7.4"/>
      <prop key="application" value="cpe:/a:synacor:zimbra_collaboration_suite:8.7.5"/>
      <prop key="application" value="cpe:/a:synacor:zimbra_collaboration_suite:8.7.6"/>
      <prop key="application" value="cpe:/a:synacor:zimbra_collaboration_suite:8.7.7"/>
      <prop key="application" value="cpe:/a:synacor:zimbra_collaboration_suite:8.7.8"/>
      <prop key="application" value="cpe:/a:synacor:zimbra_collaboration_suite:8.7.9"/>
      <prop key="application" value="cpe:/a:synacor:zimbra_collaboration_suite:8.7.10"/>
      <prop key="application" value="cpe:/a:synacor:zimbra_collaboration_suite:8.7.11:-"/>
      <prop key="application" value="cpe:/a:synacor:zimbra_collaboration_suite:8.7.11:p1"/>
      <prop key="application" value="cpe:/a:synacor:zimbra_collaboration_suite:8.7.11:p2"/>
      <prop key="application" value="cpe:/a:synacor:zimbra_collaboration_suite:8.7.11:p3"/>
      <prop key="application" value="cpe:/a:synacor:zimbra_collaboration_suite:8.7.11:p4"/>
      <prop key="application" value="cpe:/a:synacor:zimbra_collaboration_suite:8.7.11:p5"/>
      <prop key="application" value="cpe:/a:synacor:zimbra_collaboration_suite:8.7.11:p6"/>
      <prop key="application" value="cpe:/a:synacor:zimbra_collaboration_suite:8.7.11:p7"/>
      <prop key="application" value="cpe:/a:synacor:zimbra_collaboration_suite:8.7.11:p8"/>
      <prop key="application" value="cpe:/a:synacor:zimbra_collaboration_suite:8.7.11:p9"/>
  </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="remote"/>
</set>

								

Post-Condition

<set operator="and">
    <prop key="target" value="host"/>
  <set operator="or">
      <prop key="program_influence" value="input"/>
      <prop key="program_influence" value="output"/>
      <prop key="program_influence" value="existence"/>
  </set>
    <prop key="data" value="any"/>
  <set operator="or">
      <prop key="data_influence" value="read"/>
      <prop key="data_influence" value="write"/>
      <prop key="data_influence" value="delete"/>
  </set>
  <set operator="or">
      <prop key="range" value="remote"/>
      <prop key="range" value="local"/>
  </set>
</set>