CVE-2019-9670
9.8
CRITICALCVSS v3.1 Base Score
94.43%
HIGH RiskEPSS (100th percentile)
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.
Published: 5/29/2019
Modified: 11/4/2025
Vulnerability Summary
CVSS v3 Score
9.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2 Score
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Score (Exploitation Probability)
94.43%HIGH Exploitation Risk
100th percentile
This vulnerability has a 94.43% probability of being exploited in the next 30 days, ranking higher than 100% of all scored CVEs.
CWE Classification
Learn More
CVSS Calculator
View this score breakdown or calculate a custom score
Understanding CVSS Scoring
Learn how severity scores are calculated and what they mean
CVE Prioritization Guide
Best practices for deciding which vulnerabilities to address first
What is a CVE?
Essential guide to Common Vulnerabilities and Exposures
CVE vs CWE Explained
Understand how CVEs relate to underlying weakness types