CVE-2020-35123

EPSS 0.84%
Veröffentlicht 17.12.2020 04:15:12
Zuletzt bearbeitet 21.11.2024 05:26:48
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. This has been fixed in Zimbra Collaboration Suite Network edition 9.0.0 Patch 10 and 8.8.15 Patch 17.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zimbra ≫ Collaboration Version > 8.8.0 < 8.8.15

Zimbra ≫ Collaboration Version8.8.15 Update-

Zimbra ≫ Collaboration Version8.8.15 Updatep1

Zimbra ≫ Collaboration Version8.8.15 Updatep10

Zimbra ≫ Collaboration Version8.8.15 Updatep11

Zimbra ≫ Collaboration Version8.8.15 Updatep12

Zimbra ≫ Collaboration Version8.8.15 Updatep13

Zimbra ≫ Collaboration Version8.8.15 Updatep14

Zimbra ≫ Collaboration Version8.8.15 Updatep15

Zimbra ≫ Collaboration Version8.8.15 Updatep16

Zimbra ≫ Collaboration Version8.8.15 Updatep2

Zimbra ≫ Collaboration Version8.8.15 Updatep3

Zimbra ≫ Collaboration Version8.8.15 Updatep4

Zimbra ≫ Collaboration Version8.8.15 Updatep5

Zimbra ≫ Collaboration Version8.8.15 Updatep6

Zimbra ≫ Collaboration Version8.8.15 Updatep7

Zimbra ≫ Collaboration Version8.8.15 Updatep8

Zimbra ≫ Collaboration Version8.8.15 Updatep9

Zimbra ≫ Collaboration Version9.0.0 Update-

Zimbra ≫ Collaboration Version9.0.0 Updatep1

Zimbra ≫ Collaboration Version9.0.0 Updatep2

Zimbra ≫ Collaboration Version9.0.0 Updatep3

Zimbra ≫ Collaboration Version9.0.0 Updatep4

Zimbra ≫ Collaboration Version9.0.0 Updatep5

Zimbra ≫ Collaboration Version9.0.0 Updatep6

Zimbra ≫ Collaboration Version9.0.0 Updatep7

Zimbra ≫ Collaboration Version9.0.0 Updatep8

Zimbra ≫ Collaboration Version9.0.0 Updatep9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.84%	0.74

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

Vendor Advisory

https://wiki.zimbra.com/wiki/Security_Center

Product

https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P17

Vendor Advisory

Release Notes

https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P10

Third Party Advisory

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-35123

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-35123

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-35123

EUVD