Cve20207796 Zimbra Collaboration Suite [new] Full

Zimbra Collaboration Suite (ZCS) is a widely used enterprise-level email and collaboration platform. However, versions prior to 8.8.15 Patch 7 are vulnerable to a significant security flaw identified as CVE-2020-7796 What is CVE-2020-7796? CVE-2020-7796 is a Server-Side Request Forgery (SSRF)

| Attribute | Details | |-----------|---------| | | CVE-2020-27996 | | Affected Product | Zimbra Collaboration Suite (ZCS) | | Affected Versions | 8.8.15 prior to Patch 11, 9.0.0 prior to Patch 5 | | Component | Proxy Servlet / UserServlet | | Attack Vector | Network / HTTP | | Authentication | None required (Pre-auth RCE) | | CVSS v3 Score | 9.8 (Critical) | | Disclosure Date | November 2020 | | Exploit Maturity | Public PoC available within days of patch | cve20207796 zimbra collaboration suite full

Update the repository metadata: yum clean metadata && yum check-update Update your system: yum update Restart ZCS: su - zimbra -c "zmcontrol restart" 2. Manual Workaround Zimbra Collaboration Suite (ZCS) is a widely used

To mitigate this vulnerability, administrators should: Manual Workaround To mitigate this vulnerability

By chaining:

Zimbra Collaboration Suite is a comprehensive email and collaboration platform designed for businesses and organizations. It offers a range of features, including email, calendar, contacts, and file sharing, making it a popular choice for enterprises seeking to streamline their communication and collaboration needs. The suite is available in both open-source and commercial editions, with the open-source version being widely used by organizations worldwide.

Attackers can send unauthorized requests to internal services that are normally protected by firewalls.