CVE-2020-7796 is a server-side request forgery (SSRF) vulnerability in the Zimbra Collaboration Suite (ZCS) . It allows unauthenticated remote attackers to force the server to make HTTP requests to arbitrary internal or external hosts, effectively using the server as a proxy to bypass firewalls or access sensitive internal data. Vulnerability Details CVE ID: CVE-2020-7796 CVSS Score: 9.8 (Critical) Vulnerability Type: SSRF (CWE-918)
The vulnerability is specifically linked to the WebEx Zimlet ( com_zimbra_webex ) when the Zimlet JSP functionality is enabled.
Attackers may gain unauthorized access to sensitive internal information or resources.
If immediate patching is impossible, ensure that the WebEx Zimlet JSP functionality is disabled unless strictly necessary.
Attackers can send unauthorized requests to internal services that are normally protected by firewalls.
Upgrade to Zimbra Collaboration 8.8.15 Patch 7 or later . This version contains the necessary security fixes for this SSRF flaw.
In some scenarios, it may be possible to steal login credentials or inject malware through chained exploits. Current Threat Status
After upgrading, use the zmcontrol -v command to ensure the correct version is active.
To secure your environment, the following actions are recommended:
For more technical details and patch instructions, visit the Zimbra Tech Center Release Notes . CVE-2020-7796 Detail - NVD
Thank you for your support! Your contribution helps improve wide.video and bring even more awesome features.
Děkuji za vaši podporu! Váš příspěvek pomáhá vylepšovat wide.video a přinášet ještě více skvělých funkcí.
Cve20207796 Zimbra Collaboration Suite Full __full__ Instant
CVE-2020-7796 is a server-side request forgery (SSRF) vulnerability in the Zimbra Collaboration Suite (ZCS) . It allows unauthenticated remote attackers to force the server to make HTTP requests to arbitrary internal or external hosts, effectively using the server as a proxy to bypass firewalls or access sensitive internal data. Vulnerability Details CVE ID: CVE-2020-7796 CVSS Score: 9.8 (Critical) Vulnerability Type: SSRF (CWE-918)
The vulnerability is specifically linked to the WebEx Zimlet ( com_zimbra_webex ) when the Zimlet JSP functionality is enabled.
Attackers may gain unauthorized access to sensitive internal information or resources. cve20207796 zimbra collaboration suite full
If immediate patching is impossible, ensure that the WebEx Zimlet JSP functionality is disabled unless strictly necessary.
Attackers can send unauthorized requests to internal services that are normally protected by firewalls. Attackers may gain unauthorized access to sensitive internal
Upgrade to Zimbra Collaboration 8.8.15 Patch 7 or later . This version contains the necessary security fixes for this SSRF flaw.
In some scenarios, it may be possible to steal login credentials or inject malware through chained exploits. Current Threat Status Upgrade to Zimbra Collaboration 8
After upgrading, use the zmcontrol -v command to ensure the correct version is active.
To secure your environment, the following actions are recommended:
For more technical details and patch instructions, visit the Zimbra Tech Center Release Notes . CVE-2020-7796 Detail - NVD
Support with Bitcoin
Podpořit Bitcoinem
Address: 15cjR92gK9nRD4otzmuoQYcFzE2aAf7T7M
