virus logo Web Application Security

Zimbra.Collaboration.Autodiscover.Servlet.XXE

description-logoDescription

This indicates an attack attempt against an Information Disclosure vulnerability in Zimbra Collaboration Suite.
The vulnerabilities is due to an error in the application when handling a crafted http request. A remote attacker can exploit this to gain unauthorized access to sensitive information, via a crafted http request.

affected-products-logoAffected Products

Zimbra Collaboration Suite v8.5 to v8.7.11

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://wiki.zimbra.com/wiki/Zimbra_Releases

Version Updates

Date Version Status Detail
2024-02-29 0.00371
New
ID 1090502042
Created Feb 29, 2024
Updated Feb 29, 2024
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Default Action pass
Active
Affected OS Linux
Affected App Other
Engine Version 5.0.1 or later