CVE-2020-7796: Zimbra Collaboration Suite SSRF via the WebEx Zimlet


Shortly after disclosure, proof-of-concept (PoC) code became publicly available. Exploitation needs nothing more than a crafted HTTP request to the vulnerable Zimlet endpoint, so any internet-facing instance that still has the WebEx Zimlet deployed with JSP enabled should be treated as exposed until it is patched or the Zimlet is removed.

Imagine a scenario where a URL parameter such as fetchUrl=http://internal.corp/admin.php is accepted by the server without validation. By pointing that parameter at an internal address, an attacker can make the server scan its own internal network, reach services that are not directly exposed to the internet (internal databases, cloud metadata endpoints such as 169.254.169.254), or attack other systems behind the perimeter.

Because an SSRF vulnerability effectively converts a highly trusted perimeter mail server into a malicious pivoting proxy, the cascading operational impacts are severe.

Typical consequences are access to internal resources that firewalls would otherwise protect, data leakage, and credential theft (for example, instance credentials returned by a cloud metadata service).
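To make the fetchUrl scenario above concrete, here is an added example (illustration code, not Zimbra's and not from the original page): the unvalidated fetch pattern next to a hardened check that allowlists scheme and host, refuses embedded credentials, and rejects any target whose resolved address is loopback, private or link-local (which covers the 169.254.169.254 metadata endpoint). The same check is then run over a few access-log lines as a detector for probing. The parameter name fetchUrl follows the hypothetical in the text; ALLOWED_HOSTS, the FAKE_DNS table standing in for real DNS resolution, and SAMPLE_LOG are all constructed for the example.

```python
"""SSRF: the unvalidated fetch pattern beside a hardened target check.

Added example for the fetchUrl scenario above; illustration code, not
Zimbra's. ALLOWED_HOSTS, FAKE_DNS and SAMPLE_LOG are constructed inputs.
"""
import ipaddress
from urllib.parse import parse_qs, urlparse

# Constructed allowlist of hosts the service is permitted to fetch from.
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}

# Constructed stand-in for DNS so the example runs offline. cdn.example.com
# deliberately resolves to a private address to model a rebound record.
FAKE_DNS = {
    "api.example.com": "93.184.216.34",
    "cdn.example.com": "10.0.0.9",
    "internal.corp": "10.0.0.5",
    "localhost": "127.0.0.1",
}


def resolve(host):
    """Return the IP for host: an IP literal passes through, names use FAKE_DNS."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    try:
        return FAKE_DNS[host.lower()]
    except KeyError:
        raise ValueError(f"unresolvable host: {host!r}") from None


def is_internal(ip_str):
    """True for addresses a server-side fetch must never reach: loopback,
    RFC 1918 / ULA, link-local (which covers the 169.254.169.254 cloud
    metadata endpoint), multicast, reserved and unspecified."""
    ip = ipaddress.ip_address(ip_str)
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def unsafe_target(fetch_url):
    """The vulnerable pattern: whatever the client named is what gets fetched."""
    u = urlparse(fetch_url)
    return u.scheme, u.hostname


def safe_target(fetch_url):
    """Hardened pattern. Allowlist the scheme and host, refuse embedded
    credentials, then check the *resolved* address so an allowlisted name
    that points into internal space is still rejected. Returns
    (scheme, host, ip) or raises ValueError carrying the reason."""
    u = urlparse(fetch_url)
    if u.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {u.scheme!r}")
    host = (u.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"host not allowed: {host!r}")
    if u.username or u.password:
        raise ValueError("credentials in URL not allowed")
    ip = resolve(host)
    if is_internal(ip):
        raise ValueError(f"{host} resolves to internal address {ip}")
    return u.scheme, host, ip


def rejection_reason(fetch_url):
    """None if safe_target accepts the URL, otherwise the reason it refused."""
    try:
        safe_target(fetch_url)
        return None
    except ValueError as exc:
        return str(exc)


# Constructed access-log lines (Common Log Format) for the detector below.
SAMPLE_LOG = [
    '10.1.2.3 - - [01/Mar/2020:10:00:01 +0000] "GET /fetch?fetchUrl=https://api.example.com/v1/status HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Mar/2020:10:00:02 +0000] "GET /fetch?fetchUrl=http://internal.corp/admin.php HTTP/1.1" 200 4096',
    '198.51.100.7 - - [01/Mar/2020:10:00:03 +0000] "GET /fetch?fetchUrl=http://169.254.169.254/latest/meta-data/ HTTP/1.1" 200 1024',
    '198.51.100.7 - - [01/Mar/2020:10:00:04 +0000] "GET /fetch?fetchUrl=file:///etc/passwd HTTP/1.1" 500 0',
]


def flag_ssrf_attempts(log_lines, param="fetchUrl"):
    """Run the hardened check over logged requests: every value of `param`
    that safe_target would refuse is a probe worth looking at.
    Returns [(line_number, client_ip, reason)]."""
    findings = []
    for n, line in enumerate(log_lines, 1):
        try:
            client = line.split()[0]
            request_path = line.split('"')[1].split()[1]
        except IndexError:
            continue
        for value in parse_qs(urlparse(request_path).query).get(param, []):
            reason = rejection_reason(value)
            if reason is not None:
                findings.append((n, client, reason))
    return findings


if __name__ == "__main__":
    print("unsafe:", unsafe_target("http://internal.corp/admin.php"))
    print("safe:  ", safe_target("https://api.example.com/v1/status"))
    for finding in flag_ssrf_attempts(SAMPLE_LOG):
        print("flagged:", finding)
```

The resolved-address check is the part most implementations skip: an allowlist of names is not enough when a permitted name can be rebound to 10.0.0.9, and in production the lookup result should also be the address actually connected to, so the check and the fetch cannot be split by a second DNS answer.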

This was not an isolated case: other Zimbra components that fetch remote content on a client's behalf have been reported with server-side request forgery issues of the same shape, and the product has drawn sustained scrutiny from researchers at SonarSource and Volexity and from agencies such as CISA. The hardening guidance for one such endpoint therefore applies to the others.

If the CalDAV or ProxyServlet endpoints are not required, disable them (their settings are managed with zmprov). For this CVE specifically, the precondition is the WebEx Zimlet, so removing or disabling that Zimlet until the patch is applied closes the exposure.

The vulnerability is present only when the WebEx Zimlet is installed and its Jakarta Server Pages (JSP) functionality is enabled; the fix shipped in Zimbra Collaboration Suite 8.8.15 Patch 7.
