CVE-2020-7796 is a critical Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite (ZCS). It primarily affects versions of ZCS prior to 8.8.15 Patch 7.

Technical Vulnerability Overview

Vulnerability Type: Server-Side Request Forgery (SSRF).
: High. Because it can be exploited by unauthenticated attackers, it poses a direct risk to any exposed Zimbra instance.

Potential Outcomes
She decides to test on a staging clone.
Shortly after disclosure, proof-of-concept (PoC) code became publicly available. Due to the ease of exploitation (sending a malicious email), this vulnerability was widely exploited in the wild by botnets and advanced persistent threat (APT) actors.
By chaining: