Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Zimbra Collaboration Suite can be tricked into accessing unauthorized websites
Known exploited
Exploitation likelihood: 94%
CVE-2020-7796
CVE-2020-7796
Summary
If you're using Zimbra Collaboration Suite and have the WebEx zimlet installed, a malicious threat actor could potentially trick the system into accessing unauthorized websites. This could lead to security issues, such as sensitive data being compromised. To mitigate this risk, ensure the zimlet and the zimlet JSP are properly configured and up-to-date.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| synacor | zimbra collaboration suite | All versions | – |
| synacor | zimbra_collaboration_suite | <= 8.8.15 | – |
| synacor | zimbra_collaboration_suite | 8.8.15 | – |
| synacor | zimbra_collaboration_suite | 8.8.15 | – |
| synacor | zimbra_collaboration_suite | 8.8.15 | – |
| synacor | zimbra_collaboration_suite | 8.8.15 | – |
| synacor | zimbra_collaboration_suite | 8.8.15 | – |
| synacor | zimbra_collaboration_suite | 8.8.15 | – |
| synacor | zimbra_collaboration_suite | 8.8.15 | – |
Original title
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability
Original description
Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery vulnerability if WebEx zimlet installed and zimlet JSP is enabled.
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7 Release Notes Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-... US Government Resource
Published: 17 Feb 2026 · Updated: 15 Mar 2026 · First seen: 6 Mar 2026