CVE-2019-9621
HIGH KEV NUCLEIZimbra Collaboration Suite <8.6-8.8 - SSRF
Title source: llmDescription
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotelinux
https://www.exploit-db.com/exploits/46693
Nuclei Templates (1)
Zimbra Collaboration Suite - SSRF
HIGHVERIFIEDby riteshs4hu
Shodan:
html:"Zimbra Collaboration Suite Web Client"
References (10)
Scores
CVSS v3
7.5
EPSS
0.9411
EPSS Percentile
99.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitation Intel
CISA KEV
2025-07-07
VulnCheck KEV
2023-09-18
InTheWild.io
2021-12-04
ENISA EUVD
EUVD-2019-18992
Classification
CWE
CWE-918
Status
published
Affected Products (46)
synacor/zimbra_collaboration_suite
< 8.6.0
synacor/zimbra_collaboration_suite
synacor/zimbra_collaboration_suite
synacor/zimbra_collaboration_suite
synacor/zimbra_collaboration_suite
synacor/zimbra_collaboration_suite
synacor/zimbra_collaboration_suite
synacor/zimbra_collaboration_suite
synacor/zimbra_collaboration_suite
synacor/zimbra_collaboration_suite
synacor/zimbra_collaboration_suite
synacor/zimbra_collaboration_suite
synacor/zimbra_collaboration_suite
synacor/zimbra_collaboration_suite
synacor/zimbra_collaboration_suite
... and 31 more
Timeline
Published
Apr 30, 2019
KEV Added
Jul 07, 2025
Tracked Since
Feb 18, 2026