CVE-2020-35123

In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. This has been fixed in Zimbra Collaboration Suite Network edition 9.0.0 Patch 10 and 8.8.15 Patch 17.

Published: Dec 17, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-35123
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
zimbra / collaboration	9.0.0	9.0.0.x
zimbra / collaboration	9.0.0-p2	9.0.0-p2.x
zimbra / collaboration	9.0.0-p3	9.0.0-p3.x
zimbra / collaboration	9.0.0-p4	9.0.0-p4.x
zimbra / collaboration	9.0.0-p5	9.0.0-p5.x
zimbra / collaboration	9.0.0-p6	9.0.0-p6.x
zimbra / collaboration	9.0.0-p7	9.0.0-p7.x
zimbra / collaboration	9.0.0-p8	9.0.0-p8.x
zimbra / collaboration	9.0.0-p9	9.0.0-p9.x
zimbra / collaboration	9.0.0-p1	9.0.0-p1.x
zimbra / collaboration	8.8.15-p10	8.8.15-p10.x
zimbra / collaboration	8.8.15-p11	8.8.15-p11.x
zimbra / collaboration	8.8.15-p16	8.8.15-p16.x
zimbra / collaboration	8.8.15-p15	8.8.15-p15.x
zimbra / collaboration	8.8.15-p14	8.8.15-p14.x
zimbra / collaboration	8.8.15-p13	8.8.15-p13.x
zimbra / collaboration	8.8.15-p12	8.8.15-p12.x
zimbra / collaboration	8.8.15-p1	8.8.15-p1.x
zimbra / collaboration	8.8.15-p2	8.8.15-p2.x
zimbra / collaboration	8.8.15-p3	8.8.15-p3.x
zimbra / collaboration	8.8.15-p4	8.8.15-p4.x
zimbra / collaboration	8.8.15-p5	8.8.15-p5.x
zimbra / collaboration	8.8.15-p6	8.8.15-p6.x
zimbra / collaboration	8.8.15-p7	8.8.15-p7.x
zimbra / collaboration	8.8.15-p8	8.8.15-p8.x
zimbra / collaboration	8.8.15-p9	8.8.15-p9.x
zimbra / collaboration	8.8.15	8.8.15.x
zimbra / collaboration	8.8.0.x	8.8.15

Vulnerability Database

300,830

CVE-2020-35123

Deep Security Visibility Without the Complexity