CVE-2020-7796 is a Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration Suite (ZCS) releases below the fixed patch levels listed under Vulnerable Versions and Conditions. It lets an unauthenticated remote attacker make the Zimbra server issue HTTP requests to hosts of the attacker's choosing, whether internal or external.

Last updated: 2026-04-19. References: NVD, Zimbra Security Advisories, Rapid7 Analysis, Project Discovery research.

How the Vulnerability Works

The flaw is classified under . It stems from insufficient validation of user-supplied URLs within a core application endpoint: the server builds an outbound request from a value the client controls without checking where that value points, so the client decides the destination. The vulnerable code path is only reachable when both of the following hold:

- The WebEx Zimlet is installed on the ZCS system.
- The Zimlet JSP (JavaServer Pages) functionality is enabled.

If either condition is absent the endpoint is not exposed. Where the WebEx Zimlet is not needed, removing it therefore eliminates the trigger condition; otherwise the fix is to move to the patched release.

Technical Impact

Because the SSRF turns a trusted, internet-facing mail server into a request proxy inside the network, the cascading operational impacts are severe. A successful exploit can lead to:

- Internal reconnaissance: port scanning behind the perimeter firewall, including the discovery of unauthenticated administrative consoles, database instances, and internal microservices that were never meant to be reachable from outside.
- Data exposure: requests crafted to reach internal endpoints that return sensitive system properties, application-server configuration profiles or, if the outbound request code honours non-HTTP URL schemes, local system files, feeding wider information-stealing campaigns.

How much of the response an attacker can read depends on whether the vulnerable endpoint reflects it. Even a blind SSRF still identifies live hosts and open ports through timing and error behaviour, and it can be confirmed out-of-band by observing a DNS or HTTP callback from the Zimbra host to an attacker-controlled name.

Vulnerable Versions and Conditions

| ZCS Version | Vulnerable? | Patch Level |
|-------------|-------------|-------------|
| | Yes | < Patch 12 |
| 9.0.0 | Yes | < Patch 4 |
| 8.8.15 P12+ | No | Fixed |
| 9.0.0 P4+ | No | Fixed |
| 10.x | Not affected (different architecture) | N/A |
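To make the mechanism concrete, here is an added example (not Zimbra's code and not taken from this page) of the pattern behind an SSRF of this kind: a URL builder that splices a client-supplied value into the host part of an outbound request, beside a hardened version. It assumes, as the public probe for this CVE does, that the user-controlled value is a company identifier prepended to a WebEx domain; the function names, the `.webex.com` suffix and the API path are illustrative assumptions, not details from the page.

```python
# Added example, not code from the page or from Zimbra: the pattern behind
# an SSRF of this kind and the validation that closes it.
# Assumptions (not stated on the page): the vulnerable code splices a
# user-supplied company identifier into the host part of an outbound WebEx
# URL; the function names, the suffix and the path are illustrative.
import re
from typing import Optional, Tuple
from urllib.parse import urlsplit

WEBEX_SUFFIX = ".webex.com"          # assumed destination domain
API_PATH = "/WBXService/XMLService"  # assumed path, for illustration only

# Exactly one DNS label: letters, digits, hyphens; no leading/trailing hyphen; <= 63 chars.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def build_url_vulnerable(company_id: str) -> str:
    """Naive concatenation: the client's bytes land inside the URL authority."""
    return f"https://{company_id}{WEBEX_SUFFIX}{API_PATH}"


def effective_host(url: str) -> Tuple[str, Optional[int]]:
    """Host and port an RFC 3986 parser (and hence the HTTP client) will use."""
    parts = urlsplit(url)
    return (parts.hostname or "", parts.port)


def is_valid_company_id(company_id: str) -> bool:
    """Allowlist check: the value must be a single DNS label, nothing else."""
    return LABEL_RE.fullmatch(company_id) is not None


def build_url_hardened(company_id: str) -> str:
    """Allowlist the input, then re-parse the result and pin the host."""
    if not is_valid_company_id(company_id):
        raise ValueError("company id must be a single DNS label")
    url = f"https://{company_id}{WEBEX_SUFFIX}{API_PATH}"
    host, port = effective_host(url)
    # Defence in depth: whatever the parser made of the string, the connection
    # must still go to the expected domain on the default port.
    if not host.endswith(WEBEX_SUFFIX) or port is not None:
        raise ValueError("outbound host escaped the expected domain")
    return url


if __name__ == "__main__":
    # "x@attacker.example/" abuses the userinfo separator, "127.0.0.1:7071/"
    # points at a local port, "acme#" turns the appended suffix into a fragment.
    for cid in ("acme", "x@attacker.example/", "127.0.0.1:7071/", "acme#"):
        print(f"{cid!r:24} -> vulnerable build connects to {effective_host(build_url_vulnerable(cid))}")
        try:
            build_url_hardened(cid)
            print(" " * 27 + "hardened build: accepted")
        except ValueError as exc:
            print(" " * 27 + f"hardened build: rejected ({exc})")
```

The point of `effective_host` is that the destination is decided by the URL parser inside the HTTP client, not by what the template looks like: an `@` puts everything before it into the userinfo, and a `/` or `#` turns the suffix the server appended into a path or fragment. Validating the input against a strict allowlist is the real fix; re-parsing the final URL and pinning the host is the cheap second line that catches an encoding the allowlist missed.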
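For the operations side of the impact above, here is an added example (not from the page and not Zimbra's code) that scans web-server access logs for requests that look like probes of this flaw. The request path and parameter name it keys on (`/zimlet/com_zimbra_webex/httpPost.jsp` and `companyId`, as used by the public Project Discovery nuclei template) are assumptions not stated on this page, and the log lines are constructed for the example in the common Apache/nginx "combined" format.

```python
# Added example, not from the page or from Zimbra: triage of web-server
# access logs for requests that look like probes of CVE-2020-7796.
# Assumptions (not stated on the page): the request path and parameter
# name (/zimlet/com_zimbra_webex/httpPost.jsp and companyId, as used by
# the public Project Discovery nuclei template), and the "combined" log
# format of the sample lines, which are constructed here.
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

ZIMLET_PATH = "/zimlet/com_zimbra_webex/httpPost.jsp"   # assumed endpoint
PARAM = "companyId"                                      # assumed parameter
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

# client - user [time] "METHOD target PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample log; addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Apr/2026:10:01:02 +0000] "GET /zimlet/com_zimbra_webex/httpPost.jsp?companyId=acme HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [19/Apr/2026:10:01:07 +0000] "GET /zimlet/com_zimbra_webex/httpPost.jsp?companyId=123456789.123456789%40oast.example HTTP/1.1" 200 0 "-" "Nuclei - Open-source project (github.com/projectdiscovery/nuclei)"
198.51.100.4 - - [19/Apr/2026:10:02:30 +0000] "GET /zimlet/com_zimbra_webex/httpPost.jsp?companyId=127.0.0.1:7071/ HTTP/1.1" 500 0 "-" "curl/8.5.0"
198.51.100.4 - - [19/Apr/2026:10:02:31 +0000] "GET /mail HTTP/1.1" 200 4096 "-" "curl/8.5.0"
"""


def classify(company_id: str) -> Optional[str]:
    """None for a benign single-label value, otherwise why it is suspicious."""
    if LABEL_RE.fullmatch(company_id):
        return None
    if "@" in company_id:
        return "userinfo '@' moves the real host after it"
    if any(c in company_id for c in "/?#"):
        return "separator truncates whatever the server appends"
    if ":" in company_id:
        return "explicit port targets an internal service"
    return "characters outside a single DNS label"


def scan_log(text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious companyId seen on the zimlet endpoint."""
    findings: List[Dict[str, str]] = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                       # not combined format: skip, don't crash
        parts = urlsplit(m.group("target"))
        if parts.path != ZIMLET_PATH:
            continue
        # parse_qs percent-decodes, so an encoded %40 is inspected as '@'.
        for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
            reason = classify(value)
            if reason is not None:
                findings.append({
                    "ip": m.group("ip"), "time": m.group("ts"),
                    "status": m.group("status"), "ua": m.group("ua"),
                    "companyId": value, "reason": reason,
                })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']:15} {f['status']} companyId={f['companyId']!r}: {f['reason']}")
```

Two things worth noting when running this against real logs: a 500 on the endpoint is not evidence the attempt failed, since the outbound request may have completed before the JSP errored on the reply, and a hit whose `companyId` contains an out-of-band callback domain should be treated as confirmation that the host was reachable from the Zimbra server at that time.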