The vulnerability exists due to insufficient validation of user-supplied URLs within a specific component of the Zimbra application, specifically when the WebEx zimlet is installed and its JSP (JavaServer Pages) file is enabled.
CVE-2020-7796 is a Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite (ZCS). It specifically affects the WebEx zimlet component and can allow an unauthenticated attacker to force the server to make unauthorized HTTP requests to internal or external systems.

Vulnerability Overview
CVE ID: CVE-2020-7796
, it is a high-priority target for cybercriminals and APT groups.

Is My System at Risk?
Your system is vulnerable if you are running
Her boss waves it off. "It's just an SSRF. Internal network only. Patch it next week."
: Limit outbound connections from the Zimbra server to only essential destinations.
By following these guidelines, you can help to secure your Zimbra Collaboration Suite installation and protect against potential security threats.