PT-2020-19795 · Zimbra · Zimbra Collaboration Suite
Published: 2020-02-13 · Updated: 2026-02-20
CVE-2020-7796
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Zimbra Collaboration Suite (ZCS) versions prior to 8.8.15 Patch 7
Description
Zimbra Collaboration Suite is susceptible to a Server-Side Request Forgery (SSRF) attack when the WebEx zimlet is installed and the zimlet JSP is enabled. A recent surge in the exploitation of SSRF vulnerabilities has been observed, with over 400 distinct IPs identified exploiting multiple flaws. Notable attacks have been reported in the U.S., Germany, and Israel. SSRF exploitation allows attackers to map internal networks, find vulnerable services, and potentially steal sensitive cloud credentials.
Recommendations
Update Zimbra Collaboration Suite (ZCS) to version 8.8.15 Patch 7 or later.
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Webex Zimlet
Zimbra Collaboration Suite