CVE-2020-7796 is a critical Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite (ZCS). It has been added to CISA's Known Exploited Vulnerabilities (KEV) Catalog.

| ZCS Version | Vulnerable? | Patch Level |
|-------------|--------------|----------------|
| 8.8.15 | Yes | < Patch 12 |
| 9.0.0 | Yes | < Patch 4 |
| 8.8.15 P12+ | No | Fixed |
| 9.0.0 P4+ | No | Fixed |
| 10.x | Not affected (different architecture) | N/A |

`GET /service/home/~/?auth=co&fmt=riched&user=INBOX%22%3E%3Cscript%3E`

`POST /service/proxy?target=https://attacker.com/`

Abnormal Calendar invite with HTML payload in DESCRIPTION field

But Maya remembers something. Zimbra runs on port 7071 – the Admin Console. And last month, they integrated the Zimbra server with an internal Jenkins instance for email automation.

Zimbra Collaboration Suite is a comprehensive email and collaboration platform designed for businesses and organizations. It offers a range of features, including email, calendar, contacts, and file sharing, making it a popular choice for enterprises seeking to streamline their communication and collaboration needs. The suite is available in both open-source and commercial editions, with the open-source version being widely used by organizations worldwide.