CVE-2020-7796 Zimbra Collaboration Suite: Full Info

Affected Product: Zimbra Collaboration Suite (ZCS) versions before 8.8.15 Patch 7
CVSS 3.x Score: 9.8 (Critical)
Attack Vector: Network (Remote)
Authentication Required: No (Unauthenticated)

Technical Details

While 2020 saw several high-profile vulnerabilities in Zimbra (notably CVE-2020-27988 and CVE-2020-28016), one flaw stands out for its severity and the chilling simplicity of its exploitation: CVE-2020-7796. This vulnerability, rated Critical (CVSS 9.8), allows an unauthenticated attacker to achieve full Remote Code Execution (RCE) on the underlying Zimbra server, leading to complete compromise of the email infrastructure.

POST /service/extension/UserServlet HTTP/1.1
Host: target.zimbra.com
Content-Type: application/x-www-form-urlencoded

She crafts a SOAP request to localhost:7071 asking for an auth token for admin@logi-core.local. The SSRF replies with a valid admin session key.

CVE-2020-7796 - Zimbra Collaboration Suite (ZCS) Remote Code Execution Vulnerability

vulnerability in the Zimbra Collaboration Suite (ZCS). It allows unauthenticated remote attackers to force the server to make HTTP requests to arbitrary internal or external hosts, effectively using the server as a proxy to bypass firewalls and access sensitive internal data.

Key Details
Vulnerability Type: Server-Side Request Forgery (SSRF)
CVSS Score: 9.8 (Critical) on the CVSS v3.1 scale
Affected Versions: All versions of Zimbra Collaboration Suite prior to 8.8.15 Patch 7
Trigger Condition: The vulnerability specifically exists when the WebEx zimlet