CVE-2020-7796
Published Feb 18, 2020
Last updated 6 days ago
AI description
CVE-2020-7796 is a Server-Side Request Forgery (SSRF) vulnerability identified in Zimbra Collaboration Suite (ZCS) versions prior to 8.8.15 Patch 7. This flaw specifically arises when the WebEx zimlet is installed and the zimlet JSP is enabled within the ZCS environment. Exploitation of this vulnerability allows an attacker to send unauthorized requests to a server. This can potentially enable access to sensitive information or resources that would typically be protected by firewalls or other security measures.
- Description
- Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- zimbra_collaboration_suite
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Data from CISA
- Vulnerability name
- Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability
- Exploit added on
- Feb 17, 2026
- Exploit action due
- Mar 10, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
#CISA added four #security flaws (CVE-2026-2441, CVE-2024-7694, CVE-2020-7796, CVE-2008-0015) to its KEV catalogue, citing evidence of active exploitation in the wild. #CyberSecurity #InfoSec https://t.co/WVJPnfmi7P https://t.co/W1h3dmwdH7
@twelvesec
20 Feb 2026
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️ CISA has added 4 vulnerabilities to the KEV Catalog https://t.co/9idGUAHIKd CVE-2020-7796: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability CVE-2024-7694: TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Typ
@DarkWebInformer
17 Feb 2026
3369 Impressions
4 Retweets
19 Likes
7 Bookmarks
1 Reply
0 Quotes
#VulnAlert 🚨 Ataques SSRF masivos GreyNoise alerta sobre una campaña coordinada de SSRF en 400+ IPs en EEUU, Alemania, Singapur, Israel y más. 🔴 CVEs: • CVE-2020-7796 (Zimbra, CVSS 9.8) • CVE-2021-22175 (GitLab, CVSS 9.8) • CVE-2023-5830 (ColumbiaSoft, CVSS 9.8)
@Cyph3R_CyberSec
12 Mar 2025
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8BF8662-919E-4A40-917F-FEA0EA73491C",
"versionEndExcluding": "8.8.15"
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9E39A855-C0EB-4448-AE96-177757C40C66"
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FFE7BE6E-7A9A-40C7-B236-7A21103E9F41"
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6FCB5528-70FD-4525-A78B-D5537609331A"
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EF2EE32D-04A5-46EA-92F0-3C8D74A4B82A"
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BB3C28CA-4C22-423E-B1C7-CBAFBB91F4DB"
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A9A1314A-20C8-42D7-9387-D914999EEAF6"
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CEF091C5-8DC6-4A41-9E84-F53BE703F71B"
}
],
"operator": "OR"
}
]
}
]