Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2019-9670
HistoryMay 29, 2019 - 10:29 p.m.

CVE-2019-9670

2019-05-2922:29:01
CWE-611
[email protected]
web.nvd.nist.gov
1

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.975 High

EPSS

Percentile

100.0%

JSON

mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.

Affected configurations

NVD
Node
synacorzimbra_collaboration_suiteRange8.7.08.7.11
OR
synacorzimbra_collaboration_suiteMatch8.7.11-
OR
synacorzimbra_collaboration_suiteMatch8.7.11p1
OR
synacorzimbra_collaboration_suiteMatch8.7.11p2
OR
synacorzimbra_collaboration_suiteMatch8.7.11p3
OR
synacorzimbra_collaboration_suiteMatch8.7.11p4
OR
synacorzimbra_collaboration_suiteMatch8.7.11p5
OR
synacorzimbra_collaboration_suiteMatch8.7.11p6
OR
synacorzimbra_collaboration_suiteMatch8.7.11p7
OR
synacorzimbra_collaboration_suiteMatch8.7.11p8
OR
synacorzimbra_collaboration_suiteMatch8.7.11p9

Related

nessus 1
prion 1
nuclei 1
osv 1
githubexploit 2
cve 1
cisa_kev 1
cvelist 1
attackerkb 2
zdt 1
packetstorm 1
threatpost 3
malwarebytes 2
thn 5
cisa 2
qualysblog 1
ics 1
nessus
nessus
Zimbra Collaboration Server 8.7.x < 8.7.11p10 XML External Entity injection (XXE) vulnerability
2019-08-12 00:00:00
prion
prion
Xxe
2019-05-29 22:29:00
nuclei
nuclei
Synacor Zimbra Collaboration <8.7.11p10 - XML External Entity Injection
2020-10-29 10:53:46
osv
osv
CVE-2019-9670
2019-05-29 22:29:01
githubexploit
githubexploit
Exploit for Improper Restriction of XML External Entity Reference in Synacor Zimbra Collaboration Suite
2019-08-16 04:37:11
Exploit for Improper Restriction of XML External Entity Reference in Synacor Zimbra Collaboration Suite
2019-08-16 15:22:27
cve
cve
CVE-2019-9670
2019-05-29 22:29:01
cisa_kev
cisa_kev
Synacor Zimbra Collaboration (ZCS) Improper Restriction of XML External Entity Reference
2022-01-10 00:00:00
cvelist
cvelist
CVE-2019-9670
2019-05-29 21:04:28
attackerkb
attackerkb
Zimbra Collaboration Suite Autodiscover XXE
2019-05-29 00:00:00
CVE-2019-9670
2019-05-29 00:00:00
zdt
zdt
Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF Exploit
2019-04-11 00:00:00
packetstorm
packetstorm
Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF
2019-04-11 00:00:00
threatpost
threatpost
Zimbra Server Bugs Could Lead to Email Plundering
2021-07-27 17:30:28
Hackers Look to Steal COVID-19 Vaccine Research
2020-07-16 18:05:20
NSA: 5 Security Bugs Under Active Nation-State Cyberattack
2021-04-16 18:10:09
malwarebytes
malwarebytes
Atomic research institute breached via VPN vulnerability
2021-06-21 13:53:03
Patch now! NSA, CISA, and FBI warn of Russian intelligence exploiting 5 vulnerabilities
2021-04-16 14:59:38
thn
thn
FBI, CISA Uncover Tactics Employed by Russian Intelligence Hackers
2021-04-27 09:14:00
US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack
2021-04-15 16:55:00
Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities
2023-09-19 11:10:00
cisa
cisa
NSA-CISA-FBI Joint Advisory on Russian SVR Targeting U.S. and Allied Networks
2021-04-15 00:00:00
CISA Adds 15 Known Exploited Vulnerabilities to Catalog
2022-01-10 00:00:00
qualysblog
qualysblog
Russia-Ukraine Crisis: How to Strengthen Your Security Posture to Protect against Cyber Attack, based on CISA Guidelines
2022-02-26 20:20:32
ics
ics
Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
2022-03-01 12:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.975 High

EPSS

Percentile

100.0%

JSON
Related for NVD:CVE-2019-9670
nessus1prion1nuclei1osv1githubexploit2cve1cisa_kev1cvelist1attackerkb2zdt1packetstorm1threatpost3malwarebytes2thn5cisa2qualysblog1ics1