CVE-2018-20160 - XXE vulnerability in Synacor Zimbra Collaboration Suite
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH
Summary
ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://bugzilla.zimbra.com/show_bug.cgi?id=109093
- https://wiki.zimbra.com/wiki/Security_Center
- https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories