Zimbra Collaboration Server 8.7.x < 8.7.11p10 XML External Entity injection (XXE) vulnerability

critical Nessus Plugin ID 127133

Synopsis

The remote web server contains a web application that is affected by an XXE vulnerability.

Description

Mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability.

Note that Nessus does not identify patch level or components versions for the Synacor Zimbra Collaboration Suite.
You will need to verify if the patch has been applied by executing the command 'zmcontrol -v' from the command line as the 'zimbra' user.

Solution

Upgrade to version 7.7.11p10 or later.

See Also

http://www.nessus.org/u?803cb0df

http://www.nessus.org/u?6ff4b6a4

https://www.exploit-db.com/exploits/46693

Plugin Details

Severity: Critical

ID: 127133

File Name: zimbra_8_7_11p10.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 8/12/2019

Updated: 2/25/2022

Configuration: Enable paranoid mode

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:H/RL:OF/RC:C

CVSS Score Source: CVE-2019-9670

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:zimbra:collaboration_suite

Required KB Items: www/zimbra_zcs, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/28/2019

Vulnerability Publication Date: 5/29/2019

CISA Known Exploited Dates: 7/10/2022

Exploitable With

Metasploit (Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF)

Reference Information

CVE: CVE-2019-9670

IAVA: 2019-A-0276

EDB-ID: 46693

CISA-NCAS: AA22-011A