Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-9621

Опубликовано: 30 апр. 2019
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Критический

Описание

Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*
Версия до 8.6.0 (исключая)
cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*
Версия от 8.7.0 (включая) до 8.7.11 (исключая)
cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*
Версия от 8.8.0 (включая) до 8.8.9 (исключая)
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:-:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch10:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch11:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch12:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch2:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch3:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch4:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch5:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch6:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch7:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch8:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch9:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:-:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:patch1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:patch10:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:patch2:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:patch3:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:patch4:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:patch5:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:patch6:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:patch7:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:patch8:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:patch9:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:-:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p5:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:patch1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:patch2:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:patch3:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:patch4:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:patch6:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:patch7:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:patch8:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:patch9:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:-:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:patch1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:patch2:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:patch3:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:patch4:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:patch6:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:patch7:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.11:-:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.11:patch1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.11:patch2:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.11:patch3:*:*:*:*:*:*

EPSS

Процентиль: 100%
0.94119
Критический

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-918
CWE-918

Связанные уязвимости

github логотип

GHSA-gf2h-5qx6-v9fr

CVSS3: 7.5
github
больше 3 лет назад

Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.

fstec логотип

BDU:2024-08043

CVSS3: 7.5
fstec
почти 7 лет назад

Уязвимость корпоративной системы управления электронной почтой Zimbra Collaboration Suite (ZCS), связанная с недостаточной проверкой поступающих запросов, позволяющая нарушителю осуществить SSRF-атаку

EPSS

Процентиль: 100%
0.94119
Критический

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-918
CWE-918