First published: Tue Feb 18 2020(Updated: )
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Synacor Zimbra Collaboration Suite | <8.8.15 | |
Synacor Zimbra Collaboration Suite | =8.8.15 | |
Synacor Zimbra Collaboration Suite | =8.8.15-p1 | |
Synacor Zimbra Collaboration Suite | =8.8.15-p2 | |
Synacor Zimbra Collaboration Suite | =8.8.15-p3 | |
Synacor Zimbra Collaboration Suite | =8.8.15-p4 | |
Synacor Zimbra Collaboration Suite | =8.8.15-p5 | |
Synacor Zimbra Collaboration Suite | =8.8.15-p6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-7796 is a vulnerability in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 that allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
CVE-2020-7796 affects Zimbra Collaboration Suite versions up to and including 8.8.15.
CVE-2020-7796 has a severity rating of 9.8, which is classified as critical.
To fix CVE-2020-7796, you need to update Zimbra Collaboration Suite to version 8.8.15 Patch 7 or later.
You can find more information about CVE-2020-7796 on the Zimbra Collaboration Suite wiki page: [https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7](https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7)