CVE-2019-9670
Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference
CVSS
—
No CVSS
EPSS
100.0%
p100
KEV
YES
Jan 10, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
100.0%EPSS · 30 days100.0%
2026-06-302026-07-16
Product
Synacor / Zimbra Collaboration Suite (ZCS)
Vulnerability
Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference
Added to KEV
Jan 10, 2022
Remediate by
Jul 10, 2022
Known ransomware use
No
Summary description
Synacor Zimbra Collaboration Suite (ZCS) contains an improper restriction of XML external entity (XXE) vulnerability in the mailboxd component.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-9670
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2024-45519—100.0%
KEV—80Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability—CVE-2022-27925—99.9%
KEV—80Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability—CVE-2022-41352—99.9%
KEV—80Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability—CVE-2022-37042—99.8%
KEV—80Synacor Zimbra Collaboration Suite (ZCS) Authentication Bypass Vulnerability—CVE-2022-27924—99.7%
KEV—80Synacor Zimbra Collaboration Suite (ZCS) Command Injection Vulnerability—CVE-2019-9621—99.6%
KEV—80Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability—