CRITICAL🚩 CISA KEV⚑ EXPLOITπŸ‡΅πŸ‡± Wersja polska

CVE-2020-7796

CVSS 9.8v3.1pub. 2020-02-18upd. 2026-02-18

Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Synacor Zimbra Collaboration Suite

    APP
    Synacor
    8.8.15< 8.8.15

CISA KEV β€” detailsi

Vendori
Synacor
Producti
Zimbra Collaboration Suite
Added to KEVi
February 17, 2026
Remediation deadline (US Federal)i
March 10, 2026(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery vulnerability if WebEx zimlet installed and zimlet JSP is enabled.

πŸ”΄
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
⏰CISA DEADLINE: 10 marca 2026
Tags
SSRF
CWE
References

Related vulnerabilities

CVE-2024-45519CRITICAL10.0⚠ KEVPL βœ“ten sam produkt

RCE w usΕ‚udze postjournal Zimbra Collaboration Suite β€” command injection bez uwierzytelnienia

CVE-2023-34192CRITICAL9.0⚠ KEVten sam produkt

Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute ar...

CVE-2022-41352CRITICAL9.8⚠ KEVten sam produkt

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files t...

CVE-2022-37042CRITICAL9.8⚠ KEVten sam produkt

Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and e...

CVE-2019-9670CRITICAL9.8⚠ KEVten sam produkt

mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity inj...

CVE-2020-7796 β€” Synacor β€” Zimbra Collaboration Suite β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl