CVE-2020-35123
MEDIUMZimbra Collaboration Suite <9.0.0 P10-8.8.15 P17 - XXE
Title source: llmDescription
In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. This has been fixed in Zimbra Collaboration Suite Network edition 9.0.0 Patch 10 and 8.8.15 Patch 17.
References (4)
Core 4
Core References
Product x_refsource_confirm
https://wiki.zimbra.com/wiki/Security_Center
Vendor Advisory x_refsource_confirm
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Third Party Advisory, Vendor Advisory x_refsource_confirm
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P10
Release Notes, Vendor Advisory x_refsource_confirm
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P17
Scores
CVSS v3
6.5
EPSS
0.0148
EPSS Percentile
70.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-611
Status
published
Products (3)
zimbra/collaboration
8.8.15 (17 CPE variants)
zimbra/collaboration
9.0.0 (10 CPE variants)
zimbra/collaboration
8.8.0 - 8.8.15
Published
Dec 17, 2020
Tracked Since
Feb 18, 2026