CVE-2020-7796 Zimbra Collaboration Suite
A typical unauthenticated RCE request looks like this (simplified):
The core issue is tied to the handling of RAR archives. Historically, the unrar binary used by Zimbra was either a statically linked binary maintained by the vendor or taken from outdated upstream repositories. The vulnerability allows the attacker to escape the constraints of the scanning process and execute commands as the zimbra user, and subsequently escalate privileges to root due to default configuration permissions.
Her boss waves it off. "It's just an SSRF. Internal network only. Patch it next week."
Upgrade to Zimbra Collaboration 8.8.15 Patch 7 or later. This version contains the necessary security fixes for this SSRF flaw.