
Critical SSRF Vulnerability in Zimbra Collaboration Suite (CVE-2020-7796)

Monday morning, LogiCore’s email is down. The attacker (simulated by Maya) has:

An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable endpoint, which can lead to the execution of arbitrary code on the system. This can allow the attacker to gain unauthorized access to sensitive data, disrupt email services, or even take control of the entire system.

The Zimbra Collaboration Suite, a popular open-source email and collaboration platform, has been vulnerable to a critical security flaw, known as CVE-2020-7796. This vulnerability affects the full suite, exposing millions of users worldwide to potential cyber threats. In this article, we will explore the details of the vulnerability, its impact, and the necessary steps to mitigate the risks.

The JSP shell is uploaded to /public/evil.jsp. Maya accesses it directly: https://mail.logi-core.com/public/evil.jsp. A reverse shell connects back to her laptop.

Final recommendation: Always keep Zimbra Collaboration Suite updated. Subscribe to Zimbra’s security announcements and perform regular security audits of custom integrations and exposed servlets.