NVD - CVE-2026-33371 (original) (raw)
Change History
5 change records found show changes
CVE Modified by CISA-ADP 6/17/2026 6:37:23 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | SSVC | {"timestamp":"2026-03-23T13:39:44.006410Z","id":"CVE-2026-33371","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"} |
CVE Modified by MITRE 6/17/2026 6:37:23 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Affected | [{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}] |
Initial Analysis by NIST 4/01/2026 11:35:47 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CPE Configuration | OR *cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:* versions from (including) 10.0.0 up to (excluding) 10.1.16 | |
| Added | Reference Type | MITRE: https://wiki.zimbra.com/wiki/Security\_Center Types: Release Notes, Vendor Advisory | |
| Added | Reference Type | MITRE: https://wiki.zimbra.com/wiki/Zimbra\_Releases/10.1.16#Security\_Fixes Types: Release Notes | |
| Added | Reference Type | MITRE: https://wiki.zimbra.com/wiki/Zimbra\_Responsible\_Disclosure\_Policy Types: Product | |
| Added | Reference Type | MITRE: https://wiki.zimbra.com/wiki/Zimbra\_Security\_Advisories Types: Vendor Advisory |
CVE Modified by CISA-ADP 3/23/2026 10:16:34 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CVSS V3.1 | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | |
| Added | CWE | CWE-611 |
New CVE Received from MITRE 3/20/2026 10:16:16 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists in the Zimbra Exchange Web Services (EWS) SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser with external entity resolution enabled. Successful exploitation may allow disclosure of sensitive local files from the server. | |
| Added | Reference | https://wiki.zimbra.com/wiki/Security\_Center | |
| Added | Reference | https://wiki.zimbra.com/wiki/Zimbra\_Releases/10.1.16#Security\_Fixes | |
| Added | Reference | https://wiki.zimbra.com/wiki/Zimbra\_Responsible\_Disclosure\_Policy | |
| Added | Reference | https://wiki.zimbra.com/wiki/Zimbra\_Security\_Advisories |