Subject: CVE-2020-7796 - Zimbra Collaboration Suite (ZCS) Remote Code Execution Vulnerability
The ProxyServlet blindly follows the target parameter, ignoring host restrictions. It returns the login page of the Admin Console, which amounts to unauthenticated access to localhost:7071.
If immediate patching is not possible, security teams should implement the following Acunetix-recommended controls: CVE-2020-7796: https://cve
Recommendations
CVE-2020-7796 is a critical Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite (ZCS).
Vulnerability Details
Severity: Critical (CVSS Score: 9.8).