PT-2019-6447 · Zimbra · Zimbra Collaboration Suite

An Trinh +1 · Published 2019-03-13 · Updated 2025-11-04 · CVE-2019-9621

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Zimbra Collaboration Suite versions prior to 8.6 patch 13
Zimbra Collaboration Suite versions 8.7.x prior to 8.7.11 patch 10
Zimbra Collaboration Suite versions 8.8.x prior to 8.8.10 patch 7
Zimbra Collaboration Suite versions 8.8.x prior to 8.8.11 patch 3

Description

The issue resides in insufficient input validation within Zimbra Collaboration Suite. Exploitation of this issue may allow a remote attacker to perform a Server-Side Request Forgery (SSRF) attack via the ProxyServlet component. SSRF occurs when an attacker can cause the server to make requests to unintended locations.

Recommendations

Zimbra Collaboration Suite versions prior to 8.6 patch 13 should be updated to version 8.6 patch 13 or later.
Zimbra Collaboration Suite versions 8.7.x prior to 8.7.11 patch 10 should be updated to version 8.7.11 patch 10 or later.
Zimbra Collaboration Suite versions 8.8.x prior to 8.8.10 patch 7 should be updated to version 8.8.10 patch 7 or later.
Zimbra Collaboration Suite versions 8.8.x prior to 8.8.11 patch 3 should be updated to version 8.8.11 patch 3 or later.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2024-08043
CVE-2019-9621

Affected Products

Zimbra Collaboration Suite