AI description
CVE-2019-9621 is a Server-Side Request Forgery (SSRF) vulnerability affecting Zimbra Collaboration Suite (ZCS) versions before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3. It exists in the ProxyServlet component. The vulnerability allows a remote, unauthenticated attacker to send a crafted HTTP request to trick the Zimbra server into making unauthorized requests to internal or external systems. This can bypass network restrictions and potentially reach sensitive internal services, possibly exposing sensitive data.
- Description: Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
- Source: cve@mitre.org
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity: HIGH
CVSS 2.0
- Type: Primary
- Base score: 5
- Impact score: 2.9
- Exploitability score: 10
- Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N
Data from CISA
- Vulnerability name: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability
- Exploit added on: Jul 7, 2025
- Exploit action due: Jul 28, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA added 5 vulns to its Known Exploited Vulnerabilities (KEV) catalog this week: CitrixBleed 2 (CVE-2025-5777) – OOB read in NetScaler ADC. 4 older vulns added July 7: ▪ Zimbra ZCS (CVE-2019-9621) ▪ Rails (CVE-2019-5418) ▪ PHPMailer (CVE-2016-10033) ▪ MRLG (CVE-2014-3
@cyber_sec_raj
13 Jul 2025
Security Alert: CISA adds four critical vulnerabilities to the KEV Catalog due to active exploitation, reported July 08, 2025. Threat: Flaws like CVE-2019-9621 and CVE-2025-5777 (CitrixBleed 2) enable data leaks and remote code execution, risking logistics breaches. Action: htt
@tony3266
8 Jul 2025