This XML External Entity injection (XXE) vulnerability disclosed in March 2019 is still actively scanned for a vulnerable mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10. This exploit attempts to read the Zimbra configuration file that contains an LDAP password for the zimbra account. Sample Log 20210625-144918: 192.168.25.9:443-45.146.165.123:41062 data Indicators (AS Name: HOSTWAY-AS, SELECTEL) Information on the patch is available here [3]. [1] https://nvd.nist.gov/vuln/detail/CVE-2019-9670 ----------- |
Guy 523 Posts ISC Handler Jun 26th 2021 |
Thread locked Subscribe |
Jun 26th 2021 1 year ago |
Sign Up for Free or Log In to start participating in the conversation!