This article has been indexed from SANS Internet Storm Center, InfoCON: green
This XML External Entity injection (XXE) vulnerability disclosed in March 2019 is still actively scanned for a vulnerable mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10. This exploit attempts to read the Zimbra configuration file that contains an LDAP password for the zimbra account.
Read the original article: CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability, (Sat, Jun 26th)