CVE-2018-20160 - ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration S

CVE-2018-20160

Summary

ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd.

References

Vulnerable Configurations

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.0:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.0:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.1:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.1:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.2:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.2:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.3:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.3:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.4:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.4:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.5:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.5:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.6:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.6:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.7:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.7:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.8:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.8:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.9:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.9:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.10:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.10:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:-:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:-:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p2:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p2:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p3:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p3:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p4:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p4:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p5:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p5:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p6:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p6:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p7:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p7:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p8:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p8:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p9:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p9:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.0:-:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.0:-:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.0:beta1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.0:beta1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.2:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.2:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.3:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.3:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.4:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.4:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.5:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.5:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.6:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.6:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.6:-:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.6:-:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.6:p1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.6:p1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.6:p2:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.6:p2:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.6:patch1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.6:patch1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.6:patch2:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.6:patch2:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.7:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.7:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:-:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:-:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p10:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p10:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p3:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p3:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p4:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p4:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p6:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p6:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p7:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p7:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p9:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p9:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:patch1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:patch1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:patch10:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:patch10:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:patch2:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:patch2:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:patch3:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:patch3:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:patch4:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:patch4:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:patch5:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:patch5:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:patch6:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:patch6:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:patch7:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:patch7:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:patch9:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:patch9:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:-:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:-:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p2:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p2:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p3:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p3:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p4:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p4:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p6:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p6:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p7:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p7:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p8:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p8:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:-:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:-:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p2:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p2:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p3:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p3:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p4:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p4:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.11:-:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.11:-:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 30-05-2019 - 18:02)
Impact:
Exploitability:

CWE

CWE-611

CAPEC

XML External Entities Blowup
This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

misc

Last major update

30-05-2019 - 18:02

Published

29-05-2019 - 22:29

Last modified

30-05-2019 - 18:02