CVE-2019-9670 - CVE.report

Transcription

CVE-2019-9670

Published on: 05/29/2019 12:00:00 AM UTC
Last Modified on: 06/26/2021 01:15:00 PM UTC
Source: Mitre, Nist

Certain versions of Zimbra Collaboration Suite from Synacor contain the following vulnerability:

mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.

CVE-2019-9670 has been assigned by cve@mitre.org to track the vulnerability - currently rated CRITICAL severity.

CVSS3 Score: 9.8 - CRITICAL
CVSS2 Score: 7.5
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

CVE References

- Zimbra Collaboration - AutodiscoverServlet XXE and ProxyServlet SSRF (Metasploit) - Linux remote Exploit. Tags: Exploit, Third Party Advisory, VDB Entry. Link: EXPLOIT-DB 46693 (www.exploit-db.com)
- Bug 109129 – XXE [CWE611]. Tags: Issue Tracking. Link: MISC bugzilla.zimbra.com/show_bug.cgi?id=109129
- Zimbra :: Tech Center. Tags: Vendor Advisory. Link: MISC wiki.zimbra.com/wiki/Zimbra_Security_Advisories
- Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF ≈ Packet Storm. Tags: Exploit
- CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability. Tags: Third Party Advisory. Link: MISC isc.sans.edu/forums/diary/CVE20199670 Zimbra Collaboration Suite XXE vulnerability/27570/
- a xxe rce. Link: MISC www.rapid7.com

Related QID Numbers

375990 Zimbra XML External Entity Injection (XXE) Vulnerability

Exploit/POC from Github

Zimbra RCE CVE-2019-9670

Known Affected Configurations (CPE)

Application Synacor Zimbra Collaboration Suite All All All All
Application Synacor Zimbra Collaboration Suite 8.7.11 - All All
Application Synacor Zimbra Collaboration Suite 8.7.11 p1 All All
Application Synacor Zimbra Collaboration Suite 8.7.11 p2 All All
Application Synacor Zimbra Collaboration Suite 8.7.11 p3 All All
Application Synacor Zimbra Collaboration Suite 8.7.11 p4 All All
Application Synacor Zimbra Collaboration Suite 8.7.11 p5 All All
Application Synacor Zimbra Collaboration Suite 8.7.11 p6 All All
Application Synacor Zimbra Collaboration Suite 8.7.11 p7 All All
Application Synacor Zimbra Collaboration Suite 8.7.11 p8 All All
Application Synacor Zimbra Collaboration Suite 8.7.11 p9 All All

cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:-:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p9:*:*:*:*:*:*

No vendor comments have been submitted for this CVE

Social Mentions

Source: Title (Posted, UTC)

@uglymotherfuck5: this shit exploit CVE-2019-9670 (2021-04-14 00:10:45)
@Vertical Titan: If you haven't done so already, you need to patch these buttons bulbs ASAP! CVE-2018-13379 CVE-2019-9670 CVE-2019- twitter.com/i/web/status/1 (2021-04-15 14:50:54)
@cyberseguridad: Alert about the following actively exploited VPN vulnerabilities. CVE-2018-13379 Fortinet/CVE-2019-9670 S twitter.com/i/web/status/1 (2021-04-15 16:38:36)
@jcastil2001: CVE-2018-13379 Fortinet FortiGate VPN CVE-2019-9670 Synacor Zimbra Collaboration Suite CVE-2019-11510 Pulse Secure twitter.com/i/web/status/1 (2021-04-15 23:04:37)
@xrpcrypticdad: CVE-2018-13379 Fortinet FortiGate VPN CVE-2019-9670 Synacor Zimbra Collaboration Suite CVE-2019-11510 Pulse Secur twitter.com/i/web/status/1 (2021-04-16 03:18:15)
@arukuprobe: ...vulnerabilities are the following. ・CVE-2018-13379 ・CVE-2019-9670 ・CVE-2019-11510 ・CVE-2019-19781 ・CVE-2020-4006 Oh, I see... (2021-04-16 13:49:15)
@Har sia: CVE-2019-9670 har-sia.info/CVE-2019-9670. #HarsiaInfo (2021-04-16 18:29:04)
@kurtsh: Get patched. Russians are STILL using these holes: CVE-2018-13379 Fortinet FortiGate VPN CVE-2019-9670 Synacor Zimb twitter.com/i/web/status/1 (2021-04-16 23:06:22)
CVE-2019-9670 #Synacor Zimbra Collaboration Suite (2021-04-22 07:58:11)
CVE-2019-9670 #Synacor Zimbra Collaboration Suite (2021-04-22 08:00:08)
CVE-2018-13379 Fortinet FortiGate VPN CVE-2019-9670 Synacor Zimbra Collaboration Suite CVE-2019-11510 Pulse Secure twitter.com/i/web/status/1 (2021-04-25 06:03:26)
@ul shino: CVE-2018-13379 Fortinet FortiGate VPN CVE-2019-9670 Synacor Zimbra Collaboration Suite CVE-2019-11510 Pulse Secure twitter.com/i/web/status/1 (2021-04-25 06:14:08)
@Har sia: CVE-2018-13379 CVE-2019-9670 CVE-2019-11510 CVE-2019-19781 reenboneEN @Gardenia pwmb (06:21:34)
@banpercie: Fortinet FortiGate VPN CVE-2019-9670: Synacor Zimbra collaboration package CVE-2019-11510: secure VPN Pulse Secur twitter.com/i/web/status/1 (2021-05-08 15:54:27)
@sans isc: CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability (1-06-26 10:13:15)
@aglongo: CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability, (Sat, Jun 26th) twib.in/l/xxdadgkkRKg4 #CyberSecurity
9670: Zimbra Collaboration Suite XXE vulnerability, (Sat, Jun 26th) itsecuritynews.info/cve-2019-9670- (2021-06-26 10:35:20)
@SofiaITC: CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability, (Sat, Jun 26th) news.sofiaitc.com/S2VdRS #SofiaITC #Technology
70: Zimbra Collaboration Suite XXE vulnerability, (Sat, Jun 26th) isc.sans.edu/diary/rss/2757 (2021-06-26 10:55:03)
@HendrikLier: CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability, (Sat, Jun 26th) (via @CSecurityAlerts #Cybersecurity N twitter.com/i/web/status/1 (2021-06-26 10:59:36)
@IT securitynews

CVE.report 2022
