{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "8.8.9-p6" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "8.7.0" }, { "fixed": "8.7.11" }, { "introduced": "8.8.0" }, { "fixed": "8.8.9" }, { "introduced": "0" }, { "last_affected": "8.7.11-NA" }, { "introduced": "0" }, { "last_affected": "8.7.11-p1" }, { "introduced": "0" }, { "last_affected": "8.7.11-p2" }, { "introduced": "0" }, { "last_affected": "8.7.11-p3" }, { "introduced": "0" }, { "last_affected": "8.7.11-p4" }, { "introduced": "0" }, { "last_affected": "8.7.11-p5" }, { "introduced": "0" }, { "last_affected": "8.7.11-p6" }, { "introduced": "0" }, { "last_affected": "8.7.11-p7" }, { "introduced": "0" }, { "last_affected": "8.7.11-p8" }, { "introduced": "0" }, { "last_affected": "8.7.11-p9" }, { "introduced": "0" }, { "last_affected": "8.8.9-NA" }, { "introduced": "0" }, { "last_affected": "8.8.9-p1" }, { "introduced": "0" }, { "last_affected": "8.8.9-p3" }, { "introduced": "0" }, { "last_affected": "8.8.10-NA" }, { "introduced": "0" }, { "last_affected": "8.8.11-NA" } ] }, "events": [ { "introduced": "0" }, { "fixed": "6c3c77b328a0d7d3bafecb79d202960217922ef0" }, { "introduced": "0" }, { "fixed": "5000d7ff7c8650dbfff91678647fabc2bbf0e64b" }, { "introduced": "0" }, { "last_affected": "6c3c77b328a0d7d3bafecb79d202960217922ef0" }, { "introduced": "0" }, { "last_affected": "99ed312c10c45aa80e08be0c0ecbce46a53a4ace" }, { "introduced": "0" }, { "last_affected": "d077c8d575b8d2ea5ef93331958237b22e42e6f7" }, { "introduced": "0" }, { "last_affected": "2705a9ca4782dcc4bea5f7d3653c2bf93f8582bb" }, { "introduced": "0" }, { "last_affected": "0867fcb7263fa9a1130b192d8c8538b05db4eee6" }, { "introduced": "0" }, { "last_affected": "4a8e4bee73cd2c8e5804788ef5212d0d180f5846" }, { "introduced": "0" }, { "last_affected": "7b0d4aa4baaf4d62a4858b390856771d30db3c37" }, { "introduced": "0" }, { "last_affected": "58f5c7adeac0dc81b2286c1b948c97c134587bb9" }, { "introduced": "0" }, { "last_affected": "9f862bb6fb9bf2e77fbcea7ff62e92986c4044c9" }, { "introduced": "0" }, { "last_affected": "e4d1e657f1d2a5a5e8c56c11d7da34ef61574591" }, { "introduced": "0" }, { "last_affected": "5000d7ff7c8650dbfff91678647fabc2bbf0e64b" }, { "introduced": "0" }, { "last_affected": "5000d7ff7c8650dbfff91678647fabc2bbf0e64b" }, { "introduced": "0" }, { "last_affected": "5000d7ff7c8650dbfff91678647fabc2bbf0e64b" }, { "introduced": "0" }, { "last_affected": "14a4dfad173dbbe623229e1a850b7610c76bc280" }, { "introduced": "0" }, { "last_affected": "31312ceebfeba104e1e2a16c554e734125b911d1" } ], "repo": "https://github.com/zimbra/zm-build", "type": "GIT" }, { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "8.8.9-p2" }, { "introduced": "0" }, { "last_affected": "8.8.9-p4" }, { "introduced": "0" }, { "last_affected": "8.8.9-p7" }, { "introduced": "0" }, { "last_affected": "8.8.9-p8" }, { "introduced": "0" }, { "last_affected": "8.8.10-p2" }, { "introduced": "0" }, { "last_affected": "8.8.10-p3" }, { "introduced": "0" }, { "last_affected": "8.8.10-p4" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "d3c6ef3616ff8d06555806b60d3a4aa5a3ab6d92" }, { "introduced": "0" }, { "last_affected": "66b2b24c8346512d4411c40189ec3556029272a7" }, { "introduced": "0" }, { "last_affected": "7fc2e615338f81e7dde44c98812fb8e93b3a4e1a" }, { "introduced": "0" }, { "last_affected": "74fe8e472dedcf06295adbdf5f9c16aaf32d275b" }, { "introduced": "0" }, { "last_affected": "c1c811f5970a35a1fe7063e68d662fbbc73afc6d" }, { "introduced": "0" }, { "last_affected": "b51c33194a7b7cfdb46dbb87508454b5c51e352d" }, { "introduced": "0" }, { "last_affected": "5fffd333fb13ce2e013dc0ae0e133fbb3d27dd12" } ], "repo": "https://github.com/zimbra/zm-mailbox", "type": "GIT" } ] } ], "details": "ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd.", "id": "CVE-2018-20160", "modified": "2026-04-01T23:09:24.997606392Z", "published": "2019-05-29T22:29:01.320Z", "references": [ { "type": "ADVISORY", "url": "https://wiki.zimbra.com/wiki/Security_Center" }, { "type": "ADVISORY", "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" }, { "type": "REPORT", "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109093" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }