Vulnerability Description
ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Synacor | Zimbra Collaboration Suite | >= 8.7.0, < 8.7.11 |
Related Weaknesses (CWE)
References
- https://bugzilla.zimbra.com/show_bug.cgi?id=109093Issue TrackingThird Party Advisory
- https://wiki.zimbra.com/wiki/Security_CenterRelease NotesVendor Advisory
- https://wiki.zimbra.com/wiki/Zimbra_Security_AdvisoriesVendor Advisory
- https://bugzilla.zimbra.com/show_bug.cgi?id=109093Issue TrackingThird Party Advisory
- https://wiki.zimbra.com/wiki/Security_CenterRelease NotesVendor Advisory
- https://wiki.zimbra.com/wiki/Zimbra_Security_AdvisoriesVendor Advisory
FAQ
What is CVE-2018-20160?
CVE-2018-20160 is a vulnerability with a CVSS score of 9.8 (CRITICAL). ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request...
How severe is CVE-2018-20160?
CVE-2018-20160 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-20160?
Check the references section above for vendor advisories and patch information. Affected products include: Synacor Zimbra Collaboration Suite.