First published: Thu Dec 17 2020
In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, the SAML consumer store extension is vulnerable to XML external entity (XXE) attacks. This has been fixed in Zimbra Collaboration Suite Network Edition 9.0.0 Patch 10 and 8.8.15 Patch 17.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zimbra Collaboration | >8.8.0<8.8.15 | |
Zimbra Collaboration | =8.8.15 | |
Zimbra Collaboration | =8.8.15-p1 | |
Zimbra Collaboration | =8.8.15-p10 | |
Zimbra Collaboration | =8.8.15-p11 | |
Zimbra Collaboration | =8.8.15-p12 | |
Zimbra Collaboration | =8.8.15-p13 | |
Zimbra Collaboration | =8.8.15-p14 | |
Zimbra Collaboration | =8.8.15-p15 | |
Zimbra Collaboration | =8.8.15-p16 | |
Zimbra Collaboration | =8.8.15-p2 | |
Zimbra Collaboration | =8.8.15-p3 | |
Zimbra Collaboration | =8.8.15-p4 | |
Zimbra Collaboration | =8.8.15-p5 | |
Zimbra Collaboration | =8.8.15-p6 | |
Zimbra Collaboration | =8.8.15-p7 | |
Zimbra Collaboration | =8.8.15-p8 | |
Zimbra Collaboration | =8.8.15-p9 | |
Zimbra Collaboration | =9.0.0 | |
Zimbra Collaboration | =9.0.0-p1 | |
Zimbra Collaboration | =9.0.0-p2 | |
Zimbra Collaboration | =9.0.0-p3 | |
Zimbra Collaboration | =9.0.0-p4 | |
Zimbra Collaboration | =9.0.0-p5 | |
Zimbra Collaboration | =9.0.0-p6 | |
Zimbra Collaboration | =9.0.0-p7 | |
Zimbra Collaboration | =9.0.0-p8 | |
Zimbra Collaboration | =9.0.0-p9 | |
CVE-2020-35123 is a vulnerability in Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17 that allows for XXE attacks.
CVE-2020-35123 has a severity level of 6.5 (medium).
To fix CVE-2020-35123, you need to update Zimbra Collaboration Suite Network Edition to version 9.0.0 Patch 10 or version 8.8.15 Patch 17.
You can find more information about CVE-2020-35123 in the Zimbra Security Center and the Zimbra Release pages for version 8.8.15 P17 and 9.0.0 P10.
The CWE ID for CVE-2020-35123 is 611.