CVE-2020-35123: XEE
First published: Thu Dec 17 2020(Updated: )
In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. This has been fixed in Zimbra Collaboration Suite Network edition 9.0.0 Patch 10 and 8.8.15 Patch 17.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zimbra Collaboration | >8.8.0<8.8.15 | |
| Zimbra Collaboration | =8.8.15 | |
| Zimbra Collaboration | =8.8.15-p1 | |
| Zimbra Collaboration | =8.8.15-p10 | |
| Zimbra Collaboration | =8.8.15-p11 | |
| Zimbra Collaboration | =8.8.15-p12 | |
| Zimbra Collaboration | =8.8.15-p13 | |
| Zimbra Collaboration | =8.8.15-p14 | |
| Zimbra Collaboration | =8.8.15-p15 | |
| Zimbra Collaboration | =8.8.15-p16 | |
| Zimbra Collaboration | =8.8.15-p2 | |
| Zimbra Collaboration | =8.8.15-p3 | |
| Zimbra Collaboration | =8.8.15-p4 | |
| Zimbra Collaboration | =8.8.15-p5 | |
| Zimbra Collaboration | =8.8.15-p6 | |
| Zimbra Collaboration | =8.8.15-p7 | |
| Zimbra Collaboration | =8.8.15-p8 | |
| Zimbra Collaboration | =8.8.15-p9 | |
| Zimbra Collaboration | =9.0.0 | |
| Zimbra Collaboration | =9.0.0-p1 | |
| Zimbra Collaboration | =9.0.0-p2 | |
| Zimbra Collaboration | =9.0.0-p3 | |
| Zimbra Collaboration | =9.0.0-p4 | |
| Zimbra Collaboration | =9.0.0-p5 | |
| Zimbra Collaboration | =9.0.0-p6 | |
| Zimbra Collaboration | =9.0.0-p7 | |
| Zimbra Collaboration | =9.0.0-p8 | |
| Zimbra Collaboration | =9.0.0-p9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-35123?
CVE-2020-35123 is a vulnerability in Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17 that allows for XXE attacks.
How severe is CVE-2020-35123?
CVE-2020-35123 has a severity level of 6.5 (medium).
How can I fix CVE-2020-35123?
To fix CVE-2020-35123, you need to update Zimbra Collaboration Suite Network Edition to version 9.0.0 Patch 10 or version 8.8.15 Patch 17.
Where can I find more information about CVE-2020-35123?
You can find more information about CVE-2020-35123 in the Zimbra Security Center and the Zimbra Release pages for version 8.8.15 P17 and 9.0.0 P10.
What is the Common Weakness Enumeration (CWE) ID for CVE-2020-35123?
The CWE ID for CVE-2020-35123 is 611.
- collector/nvd-index
- agent/references
- agent/type
- vendor/zimbra
- canonical/zimbra collaboration
- version/zimbra collaboration/8.8.15
- version/zimbra collaboration/8.8.15-p1
- version/zimbra collaboration/8.8.15-p10
- version/zimbra collaboration/8.8.15-p11
- version/zimbra collaboration/8.8.15-p12
- version/zimbra collaboration/8.8.15-p13
- version/zimbra collaboration/8.8.15-p14
- version/zimbra collaboration/8.8.15-p15
- version/zimbra collaboration/8.8.15-p16
- version/zimbra collaboration/8.8.15-p2
- version/zimbra collaboration/8.8.15-p3
- version/zimbra collaboration/8.8.15-p4
- version/zimbra collaboration/8.8.15-p5
- version/zimbra collaboration/8.8.15-p6
- version/zimbra collaboration/8.8.15-p7
- version/zimbra collaboration/8.8.15-p8
- version/zimbra collaboration/8.8.15-p9
- version/zimbra collaboration/9.0.0
- version/zimbra collaboration/9.0.0-p1
- version/zimbra collaboration/9.0.0-p2
- version/zimbra collaboration/9.0.0-p3
- version/zimbra collaboration/9.0.0-p4
- version/zimbra collaboration/9.0.0-p5
- version/zimbra collaboration/9.0.0-p6
- version/zimbra collaboration/9.0.0-p7
- version/zimbra collaboration/9.0.0-p8
- version/zimbra collaboration/9.0.0-p9