Vulnerabilities > CVE-2020-35123 - XXE vulnerability in Zimbra Collaboration
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. This has been fixed in Zimbra Collaboration Suite Network edition 9.0.0 Patch 10 and 8.8.15 Patch 17.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://wiki.zimbra.com/wiki/Security_Center
- https://wiki.zimbra.com/wiki/Security_Center
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P17
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P17
- https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P10
- https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P10
- https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
- https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories