Lucene search
K

CVE-2019-9670

🗓️ 29 May 2019 21:04:28Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 1475 Views🌐 WEB

Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 XML External Entity injection vulnerabilit

Related
Detection
Refs
Paths
Social
ParameterPositionPathDescriptionCWE
EMailAddressrequest bodyautodiscoverXML External Entity (XXE) in Autodiscover servlet allows reading local files (e.g., /etc/passwd /opt/zimbra/conf/localconfig.xml) via DOCTYPE/ENTITY injection.CWE-611
AcceptableResponseSchemarequest bodyautodiscoverXML External Entity (XXE) in Autodiscover servlet allows reading local files (e.g., /etc/passwd /opt/zimbra/conf/localconfig.xml) via DOCTYPE/ENTITY injection.CWE-611
REPLACErequest bodyautodiscoverXML External Entity (XXE) in Autodiscover servlet allows reading local files (e.g., /etc/passwd /opt/zimbra/conf/localconfig.xml) via DOCTYPE/ENTITY injection.CWE-611
AuthRequestrequest bodyservice/proxy/Server-side request forgery (SSRF) via ProxyServlet to remotely proxy an AuthRequest to the admin interface, enabling credential chaining and admin access.CWE-611
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 02:44Current
9.6High risk
Vulners AI Score9.6
CVSS 27.5
CVSS 3.19.8
EPSS0.99986
SSVC
1475