Home

Description

Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.

PUBLISHED Reserved 2020-01-22 | Published 2020-02-18 | Updated 2026-02-17 | Assigner mitre

CISA Known Exploited Vulnerability

Date added 2026-02-17 | Due date 2026-03-10

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

References

wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7

www.cisa.gov/...nerabilities-catalog?field_cve=CVE-2020-7796 government-resource

wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7

cve.org (CVE-2020-7796)

nvd.nist.gov (CVE-2020-7796)

Download JSON