CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Jul 10, 2022
Description
Synacor Zimbra Collaboration Suite (ZCS) contains an improper restriction of XML external entity (XXE) vulnerability in the mailboxd component.
CVSS Score
9.8/ 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HEPSS — Exploit Probability
94.4%
Higher than 100.0% of all CVEs
Weakness Classification (CWE)
Known Exploits
POChttp://packetstormsecurity.com/files/152487/Zimbra-Collaboration-Autodiscover-Servlet-XXE-ProxyServlet-SSRF.htmlExploithttps://isc.sans.edu/forums/diary/CVE20199670+Zimbra+Collaboration+Suite+XXE+vulnerability/27570/Exploithttps://www.exploit-db.com/exploits/46693/Exploithttp://packetstormsecurity.com/files/152487/Zimbra-Collaboration-Autodiscover-Servlet-XXE-ProxyServlet-SSRF.htmlExploithttps://isc.sans.edu/forums/diary/CVE20199670+Zimbra+Collaboration+Suite+XXE+vulnerability/27570/Exploithttps://www.exploit-db.com/exploits/46693/Exploit
Required Action
https://nvd.nist.gov/vuln/detail/CVE-2019-9670
Risk Assessment
CRITICALIn CISA KEV
Known exploit
Critical CVSS
High EPSS
Details
- Severity
- High
- CVSS
- 9.8
- EPSS
- 94.4%
- CWE
- CWE-611
- Exploit
- POC
- CISA KEV
- Yes
- Ransomware
- Unknown
- Articles
- 0
Timeline
Published
Jan 10, 2022
Added to KEV
Jan 10, 2022
Remediation Due
Jul 10, 2022