ID CVE-2019-9621
Summary Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
Vulnerable Configurations
  • cpe:2.3:a:zimbra:collaboration_server:7.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:7.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:7.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:7.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:7.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:7.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:7.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:7.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:7.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:7.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.6.0:-:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.6.0:p1:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.6.0:p10:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.6.0:p11:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.6.0:p12:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.6.0:p2:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.6.0:p3:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.6.0:p4:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.6.0:p5:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.6.0:p6:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.6.0:p7:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.6.0:p8:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.6.0:p9:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.7.9:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.7.10:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.7.11:-:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.7.11:p1:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.7.11:p2:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.7.11:p3:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.7.11:p4:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.7.11:p5:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.7.11:p6:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.7.11:p7:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.7.11:p8:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.7.11:p9:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.8:-:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.8:p1:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.8:p3:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.8:p4:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.8:p7:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.9:-:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.9:p1:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.9:p10:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.9:p3:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.10:-:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.10:p1:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.10:p2:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.10:p3:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.10:p4:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.10:p5:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.10:p6:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.11:-:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.11:p1:*:*:*:*:*:*
  • cpe:2.3:a:zimbra:collaboration_server:8.8.11:p2:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 06-06-2019 - 20:29)
Impact:
Exploitability:
CWE CWE-918
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: NONE
  Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
confirm https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
exploit-db 46693
misc
saint via4
description Zimbra Collaboration Suite ProxyServlet Server Side Request Forgery
title zimbra_proxyservlet_ssrf
type remote
Last major update 06-06-2019 - 20:29
Published 30-04-2019 - 18:29
Last modified 06-06-2019 - 20:29