Zimbra Collaboration Server 8.7.x < 8.7.11p10 XML External Entity injection (XXE) vulnerability
High Nessus Plugin ID 127133
SynopsisThe remote web server contains a web application that is affected by an XXE vulnerability.
DescriptionMailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability.
Note that Nessus does not identify patch level or components versions for the Synacor Zimbra Collaboration Suite.
You will need to verify if the patch has been applied by executing the command 'zmcontrol -v' from the command line as the 'zimbra' user.
SolutionUpgrade to version 7.7.11p10 or later.