CVE-2020-7796: Zimbra Collaboration Suite

The flaw is insufficient validation of user-supplied URLs within the WebEx zimlet component, specifically when zimlet JSP (Jakarta Server Pages) is enabled.

Impact and Exploitation

Sensitive information from internal metadata services or local configuration files may be retrieved.

Remote Code Execution (RCE): In some configurations, SSRF can be leveraged to gain full control over the affected system.

3. Affected Versions

Zimbra Collaboration Suite versions prior to 8.8.15 Patch 7.

4. Risk Assessment

Authentication: Not required (Unauthenticated).

Exploitation Status:

After upgrading, administrators should use the zmcontrol -v command to verify the current patch level.

2. Immediate Temporary Mitigations

Current Threat Status

Detection & indicators

Sensitive information residing on the internal network, which is otherwise inaccessible from the public internet, can be leaked.

In some scenarios, it may be possible to steal login credentials or inject malware through chained exploits.