She crafts a SOAP request to localhost:7071 asking for an auth token for admin@logi-core.local. The SSRF replies with a valid admin session key.
The flaw is active when the WebEx zimlet is installed and its associated JSP (Jakarta Server Pages) functionality is enabled.
Since the flaw resides in this specific component, disabling the zimlet or its JSP functionality can block the attack vector.
Maya’s SIEM dashboard lights up with a medium-severity alert: . The description is short: "Zimbra Collaboration Suite – SSRF via the 'ContactEmails' parameter in the 'ProxyServlet'."