Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Zimbra_collaboration_suite | Synacor | * | 8.6.0 (excluding) |
| Zimbra_collaboration_suite | Synacor | 8.7.0 (including) | 8.7.11 (excluding) |
| Zimbra_collaboration_suite | Synacor | 8.8.0 (including) | 8.8.9 (excluding) |
| Zimbra_collaboration_suite | Synacor | 8.6.0 (including) | 8.6.0 (including) |
| Zimbra_collaboration_suite | Synacor | 8.6.0-patch1 (including) | 8.6.0-patch1 (including) |
| Zimbra_collaboration_suite | Synacor | 8.6.0-patch10 (including) | 8.6.0-patch10 (including) |
| Zimbra_collaboration_suite | Synacor | 8.6.0-patch11 (including) | 8.6.0-patch11 (including) |
| Zimbra_collaboration_suite | Synacor | 8.6.0-patch12 (including) | 8.6.0-patch12 (including) |
| Zimbra_collaboration_suite | Synacor | 8.6.0-patch2 (including) | 8.6.0-patch2 (including) |
| Zimbra_collaboration_suite | Synacor | 8.6.0-patch3 (including) | 8.6.0-patch3 (including) |
| Zimbra_collaboration_suite | Synacor | 8.6.0-patch4 (including) | 8.6.0-patch4 (including) |
| Zimbra_collaboration_suite | Synacor | 8.6.0-patch5 (including) | 8.6.0-patch5 (including) |
| Zimbra_collaboration_suite | Synacor | 8.6.0-patch6 (including) | 8.6.0-patch6 (including) |
| Zimbra_collaboration_suite | Synacor | 8.6.0-patch7 (including) | 8.6.0-patch7 (including) |
| Zimbra_collaboration_suite | Synacor | 8.6.0-patch8 (including) | 8.6.0-patch8 (including) |
| Zimbra_collaboration_suite | Synacor | 8.6.0-patch9 (including) | 8.6.0-patch9 (including) |
| Zimbra_collaboration_suite | Synacor | 8.7.11 (including) | 8.7.11 (including) |
| Zimbra_collaboration_suite | Synacor | 8.7.11-patch1 (including) | 8.7.11-patch1 (including) |
| Zimbra_collaboration_suite | Synacor | 8.7.11-patch10 (including) | 8.7.11-patch10 (including) |
| Zimbra_collaboration_suite | Synacor | 8.7.11-patch2 (including) | 8.7.11-patch2 (including) |
| Zimbra_collaboration_suite | Synacor | 8.7.11-patch3 (including) | 8.7.11-patch3 (including) |
| Zimbra_collaboration_suite | Synacor | 8.7.11-patch4 (including) | 8.7.11-patch4 (including) |
| Zimbra_collaboration_suite | Synacor | 8.7.11-patch5 (including) | 8.7.11-patch5 (including) |
| Zimbra_collaboration_suite | Synacor | 8.7.11-patch6 (including) | 8.7.11-patch6 (including) |
| Zimbra_collaboration_suite | Synacor | 8.7.11-patch7 (including) | 8.7.11-patch7 (including) |
| Zimbra_collaboration_suite | Synacor | 8.7.11-patch8 (including) | 8.7.11-patch8 (including) |
| Zimbra_collaboration_suite | Synacor | 8.7.11-patch9 (including) | 8.7.11-patch9 (including) |
| Zimbra_collaboration_suite | Synacor | 8.8.9 (including) | 8.8.9 (including) |
| Zimbra_collaboration_suite | Synacor | 8.8.9-p5 (including) | 8.8.9-p5 (including) |
| Zimbra_collaboration_suite | Synacor | 8.8.9-patch1 (including) | 8.8.9-patch1 (including) |
| Zimbra_collaboration_suite | Synacor | 8.8.9-patch2 (including) | 8.8.9-patch2 (including) |
| Zimbra_collaboration_suite | Synacor | 8.8.9-patch3 (including) | 8.8.9-patch3 (including) |
| Zimbra_collaboration_suite | Synacor | 8.8.9-patch4 (including) | 8.8.9-patch4 (including) |
| Zimbra_collaboration_suite | Synacor | 8.8.9-patch6 (including) | 8.8.9-patch6 (including) |
| Zimbra_collaboration_suite | Synacor | 8.8.9-patch7 (including) | 8.8.9-patch7 (including) |
| Zimbra_collaboration_suite | Synacor | 8.8.9-patch8 (including) | 8.8.9-patch8 (including) |
| Zimbra_collaboration_suite | Synacor | 8.8.9-patch9 (including) | 8.8.9-patch9 (including) |
| Zimbra_collaboration_suite | Synacor | 8.8.10 (including) | 8.8.10 (including) |
| Zimbra_collaboration_suite | Synacor | 8.8.10-patch1 (including) | 8.8.10-patch1 (including) |
| Zimbra_collaboration_suite | Synacor | 8.8.10-patch2 (including) | 8.8.10-patch2 (including) |
| Zimbra_collaboration_suite | Synacor | 8.8.10-patch3 (including) | 8.8.10-patch3 (including) |
| Zimbra_collaboration_suite | Synacor | 8.8.10-patch4 (including) | 8.8.10-patch4 (including) |
| Zimbra_collaboration_suite | Synacor | 8.8.10-patch6 (including) | 8.8.10-patch6 (including) |
| Zimbra_collaboration_suite | Synacor | 8.8.10-patch7 (including) | 8.8.10-patch7 (including) |
| Zimbra_collaboration_suite | Synacor | 8.8.11 (including) | 8.8.11 (including) |
| Zimbra_collaboration_suite | Synacor | 8.8.11-patch1 (including) | 8.8.11-patch1 (including) |
| Zimbra_collaboration_suite | Synacor | 8.8.11-patch2 (including) | 8.8.11-patch2 (including) |
| Zimbra_collaboration_suite | Synacor | 8.8.11-patch3 (including) | 8.8.11-patch3 (including) |