CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

CVSS3: 6.1 Medium (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | CHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |

EPSS: 0.002 Low (Percentile: 57.8%)

According to its self-reported version number, Zimbra Collaboration Server is 9.x prior to 9.0.0 Patch 2. It is, therefore, affected by a cross-site scripting (XSS) vulnerability in the web client. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user’s browser session.
Note that Nessus does not identify patch level or component versions for the Synacor Zimbra Collaboration Suite. You will need to verify if the patch has been applied by executing the command ‘zmcontrol -v’ from the command line as the ‘zimbra’ user.
```
##
# (C) Tenable Network Security, Inc.
##

include('compat.inc');

if (description)
{
  script_id(142893);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/07/19");

  script_cve_id("CVE-2020-11737");
  script_xref(name:"IAVA", value:"2020-A-0532-S");

  script_name(english:"Zimbra Collaboration Server 9.x < 9.0.0 P2 XSS");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a web application that is affected by an XSS vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, Zimbra Collaboration Server is 9.x prior to 9.0.0 Patch 2. It is,
therefore, affected by a cross-site scripting (XSS) vulnerability in the web client. An unauthenticated, remote
attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a
user's browser session.
Note that Nessus does not identify patch level or components versions for the Synacor Zimbra Collaboration Suite. You
will need to verify if the patch has been applied by executing the command 'zmcontrol -v' from the command line as the
'zimbra' user.");
  script_set_attribute(attribute:"see_also", value:"https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P2");
  script_set_attribute(attribute:"see_also", value:"https://blog.zimbra.com/2020/05/new-zimbra-9-kepler-patch-2/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to version 9.0.0 Patch 2, or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-11737");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/05/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/11/13");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:zimbra:collaboration_suite");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("zimbra_web_detect.nbin");
  script_require_keys("www/zimbra_zcs", "Settings/ParanoidReport");
  script_require_ports("Services/www", 80, 443, 7071);

  exit(0);
}

include('http.inc');
include('vcf.inc');

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:443);
app = 'zimbra_zcs';
app_full_name = 'Zimbra Collaboration Server';

vcf::add_separator('_');
app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);

# Change app name for audit trail
app_info.app = app_full_name;

# We cannot detect patch level, so we need to flag all of 9.0.0
constraints = [
  { 'min_version' : '9.0.0', 'fixed_version' : '9.0.1', 'fixed_display' : '9.0.0 Patch 2' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{'xss':TRUE});
```
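
Because the plugin flags every 9.0.0 host and leaves the patch level to the manual `zmcontrol -v` check, the following added example (not part of the Tenable plugin or of Zimbra's tooling) classifies one line of that command's output against the 9.0.0 Patch 2 fix level. The function name `zcs_patch_status`, the assumed line format `Release <version>_... edition, Patch <version>_P<n>.` and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a `zmcontrol -v` line is at or above 9.0.0 Patch 2.
# Assumed (not from the page) output format:
#   Release 9.0.0_GA_<build>.<platform> <platform> <edition> edition, Patch 9.0.0_P<n>.
# Usage on a Zimbra host, as the 'zimbra' user: zcs_patch_status "$(zmcontrol -v)"

# Prints one of: vulnerable | fixed | out-of-scope | unknown
zcs_patch_status() {
    line=$1
    # Release version: the dotted triple right after the word "Release".
    release=$(printf '%s\n' "$line" |
        sed -n 's/^Release \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$release" ]; then echo unknown; return 0; fi

    major=${release%%.*}
    rest=${release#*.}
    minor=${rest%%.*}
    micro=${rest#*.}

    # Patch number for this release; a missing Patch field counts as patch 0.
    patch=$(printf '%s\n' "$line" |
        sed -n "s/.*Patch ${release}_P\([0-9][0-9]*\).*/\1/p")
    patch=${patch:-0}

    # Same window as the plugin's constraint: min_version 9.0.0, fixed_version 9.0.1.
    if [ "$major" -lt 9 ]; then echo out-of-scope; return 0; fi
    if [ "$major" -gt 9 ] || [ "$minor" -gt 0 ] || [ "$micro" -gt 0 ]; then
        echo fixed; return 0
    fi
    # Exactly 9.0.0: only the patch level separates vulnerable from fixed.
    if [ "$patch" -ge 2 ]; then echo fixed; else echo vulnerable; fi
}

# Constructed sample lines (build number 0000 is a placeholder, not a real build).
for sample in \
    'Release 9.0.0_GA_0000.RHEL7_64 RHEL7_64 NETWORK edition.' \
    'Release 9.0.0_GA_0000.RHEL7_64 RHEL7_64 NETWORK edition, Patch 9.0.0_P1.' \
    'Release 9.0.0_GA_0000.RHEL7_64 RHEL7_64 NETWORK edition, Patch 9.0.0_P2.' \
    'Release 8.8.15_GA_0000.UBUNTU18_64 UBUNTU18_64 FOSS edition, Patch 8.8.15_P7.'
do
    printf '%-12s %s\n' "$(zcs_patch_status "$sample")" "$sample"
done
```

A result of `fixed` for a 9.0.0 host means the scanner finding can be closed as a false positive for this plugin; `unknown` means the line did not match the assumed format and needs a manual read.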

Vendor | Product | Version | CPE |
---|---|---|---|
zimbra | collaboration_suite | | cpe:/a:zimbra:collaboration_suite |