CVE-2020-35123
moderate-risk
Published 2020-12-17
Zimbra Collaboration Suite Network Edition versions before 9.0.0 Patch 10 and 8.8.15 Patch 17 contain an XML external entity (XXE) vulnerability in the SAML consumer store extension. This has been fixed in Zimbra Collaboration Suite Network Edition 9.0.0 Patch 10 and 8.8.15 Patch 17.
Do I need to act?
0.84% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 6.5/10 · Medium
NETWORK / LOW complexity
Affected Products (20)
Affected Vendors
References (8)
Release Notes
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P17
Third Party Advisory
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P10
Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
49 / 100 · moderate-risk
Severity
24/34 · High
Exploitability
3/34 · Minimal
Exposure
22/34 · High