Zimbra XXE enabling SSRF and file read — exploited to steal admin credentials and access internal services. Apply Zimbra patches immediately. Disable XML external entity processing in Zimbra mailboxd. Monitor for unusual outbound HTTP from mail servers.
Synacor Zimbra Collaboration Suite before 8.7.12 has an XXE vulnerability in XML processing in the mailboxd component, which can be used to obtain SSRF and arbitrary file reads.