CVE-2020-7796
CRITICAL KEV NUCLEIZimbra Collaboration Suite <8.8.15 Patch 7 - SSRF
Title source: llmDescription
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
Nuclei Templates (1)
Zimbra Collaboration Suite < 8.8.15 Patch 7 - Server-Side Request Forgery
CRITICALby gy741
Shodan:
http.title:"zimbra collaboration suite" || http.title:"zimbra web client sign in"
FOFA:
title="zimbra web client sign in" || title="zimbra collaboration suite"
Scores
CVSS v3
9.8
EPSS
0.9355
EPSS Percentile
99.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation Intel
CISA KEV
2026-02-17
VulnCheck KEV
2023-12-12
ENISA EUVD
EUVD-2020-28728
Classification
CWE
CWE-918
Status
published
Affected Products (8)
synacor/zimbra_collaboration_suite
< 8.8.15
synacor/zimbra_collaboration_suite
synacor/zimbra_collaboration_suite
synacor/zimbra_collaboration_suite
synacor/zimbra_collaboration_suite
synacor/zimbra_collaboration_suite
synacor/zimbra_collaboration_suite
synacor/zimbra_collaboration_suite
Timeline
Published
Feb 18, 2020
KEV Added
Feb 17, 2026
Tracked Since
Feb 18, 2026