vulnerability
Zimbra Collaboration: CVE-2019-9670: Collaboration: Improper Restriction of XML External Entity Reference
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:N/C:P/I:P/A:N) | May 29, 2019 | Jan 10, 2025 | Feb 6, 2026 |
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
May 29, 2019
Added
Jan 10, 2025
Modified
Feb 6, 2026
Description
XXE CWE-611 (8.7.x only)
Solution
zimbra-collaboration-upgrade-latest
References
- CWE-611
- CVE-2019-9670
- https://attackerkb.com/topics/CVE-2019-9670
- URL-http://packetstormsecurity.com/files/152487/Zimbra-Collaboration-Autodiscover-Servlet-XXE-ProxyServlet-SSRF.html
- URL-http://www.rapid7.com/db/modules/exploit/linux/http/zimbra_xxe_rce
- URL-https://bugzilla.zimbra.com/show_bug.cgi?id=109129
- URL-https://isc.sans.edu/forums/diary/CVE20199670+Zimbra+Collaboration+Suite+XXE+vulnerability/27570/
- URL-https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
- URL-https://www.exploit-db.com/exploits/46693/
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.