First published: Tue Apr 30 2019
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zimbra Collaboration Server | <8.6.0 | |
Zimbra Collaboration Server | >=8.7.0<8.7.11 | |
Zimbra Collaboration Server | >=8.8.0<8.8.10 | |
Zimbra Collaboration Server | =8.6.0 | |
Zimbra Collaboration Server | =8.6.0-p1 | |
Zimbra Collaboration Server | =8.6.0-p10 | |
Zimbra Collaboration Server | =8.6.0-p11 | |
Zimbra Collaboration Server | =8.6.0-p12 | |
Zimbra Collaboration Server | =8.6.0-p2 | |
Zimbra Collaboration Server | =8.6.0-p3 | |
Zimbra Collaboration Server | =8.6.0-p4 | |
Zimbra Collaboration Server | =8.6.0-p5 | |
Zimbra Collaboration Server | =8.6.0-p6 | |
Zimbra Collaboration Server | =8.6.0-p7 | |
Zimbra Collaboration Server | =8.6.0-p8 | |
Zimbra Collaboration Server | =8.6.0-p9 | |
Zimbra Collaboration Server | =8.7.11 | |
Zimbra Collaboration Server | =8.7.11-p1 | |
Zimbra Collaboration Server | =8.7.11-p2 | |
Zimbra Collaboration Server | =8.7.11-p3 | |
Zimbra Collaboration Server | =8.7.11-p4 | |
Zimbra Collaboration Server | =8.7.11-p5 | |
Zimbra Collaboration Server | =8.7.11-p6 | |
Zimbra Collaboration Server | =8.7.11-p7 | |
Zimbra Collaboration Server | =8.7.11-p8 | |
Zimbra Collaboration Server | =8.7.11-p9 | |
Zimbra Collaboration Server | =8.8.10 | |
Zimbra Collaboration Server | =8.8.10-p1 | |
Zimbra Collaboration Server | =8.8.10-p2 | |
Zimbra Collaboration Server | =8.8.10-p3 | |
Zimbra Collaboration Server | =8.8.10-p4 | |
Zimbra Collaboration Server | =8.8.10-p5 | |
Zimbra Collaboration Server | =8.8.10-p6 | |
Zimbra Collaboration Server | =8.8.11 | |
Zimbra Collaboration Server | =8.8.11-p1 | |
Zimbra Collaboration Server | =8.8.11-p2 | |
CVE-2019-9621 is a vulnerability in Zimbra Collaboration Suite that allows Server Side Request Forgery (SSRF) via the ProxyServlet component.
CVE-2019-9621 has a severity rating of 7.5 (high).
The affected software versions include Zimbra Collaboration Server 8.6.0, 8.7.x (up to 8.7.11), and 8.8.x (up to 8.8.10).
To fix CVE-2019-9621, apply the patch for your release: patch 13 for 8.6, patch 10 for 8.7.11, and patch 7 for 8.8.10 or patch 3 for 8.8.11.
You can find more information about CVE-2019-9621 at the following references: [1](http://packetstormsecurity.com/files/152487/Zimbra-Collaboration-Autodiscover-Servlet-XXE-ProxyServlet-SSRF.html), [2](http://packetstormsecurity.com/files/153190/Zimbra-XML-Injection-Server-Side-Request-Forgery.html), [3](http://www.rapid7.com/db/modules/exploit/linux/http/zimbra_xxe_rce)