CVE-2018-20160
29.05.2019, 22:29
ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd.Enginsight
| Vendor | Product | Version |
|---|---|---|
| synacor | zimbra_collaboration_suite | 8.7.0 ≤ 𝑥 < 8.7.11 |
| synacor | zimbra_collaboration_suite | 8.8.0 ≤ 𝑥 < 8.8.9 |
| synacor | zimbra_collaboration_suite | 8.7.11 |
| synacor | zimbra_collaboration_suite | 8.7.11:p1 |
| synacor | zimbra_collaboration_suite | 8.7.11:p2 |
| synacor | zimbra_collaboration_suite | 8.7.11:p3 |
| synacor | zimbra_collaboration_suite | 8.7.11:p4 |
| synacor | zimbra_collaboration_suite | 8.7.11:p5 |
| synacor | zimbra_collaboration_suite | 8.7.11:p6 |
| synacor | zimbra_collaboration_suite | 8.7.11:p7 |
| synacor | zimbra_collaboration_suite | 8.7.11:p8 |
| synacor | zimbra_collaboration_suite | 8.7.11:p9 |
| synacor | zimbra_collaboration_suite | 8.8.9 |
| synacor | zimbra_collaboration_suite | 8.8.9:p1 |
| synacor | zimbra_collaboration_suite | 8.8.9:p2 |
| synacor | zimbra_collaboration_suite | 8.8.9:p3 |
| synacor | zimbra_collaboration_suite | 8.8.9:p4 |
| synacor | zimbra_collaboration_suite | 8.8.9:p6 |
| synacor | zimbra_collaboration_suite | 8.8.9:p7 |
| synacor | zimbra_collaboration_suite | 8.8.9:p8 |
| synacor | zimbra_collaboration_suite | 8.8.10 |
| synacor | zimbra_collaboration_suite | 8.8.10:p2 |
| synacor | zimbra_collaboration_suite | 8.8.10:p3 |
| synacor | zimbra_collaboration_suite | 8.8.10:p4 |
| synacor | zimbra_collaboration_suite | 8.8.11 |
𝑥
= Vulnerable software versions
References