SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints.
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Zimbra_collaboration_suite | Synacor | * | 9.0.0 (excluding) |
Zimbra_collaboration_suite | Synacor | 10.0.0 (including) | 10.0.12 (excluding) |
Zimbra_collaboration_suite | Synacor | 10.1.0 (including) | 10.1.4 (excluding) |
Zimbra_collaboration_suite | Synacor | 9.0.0 (including) | 9.0.0 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p1 (including) | 9.0.0-p1 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p10 (including) | 9.0.0-p10 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p11 (including) | 9.0.0-p11 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p12 (including) | 9.0.0-p12 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p13 (including) | 9.0.0-p13 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p14 (including) | 9.0.0-p14 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p15 (including) | 9.0.0-p15 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p16 (including) | 9.0.0-p16 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p17 (including) | 9.0.0-p17 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p18 (including) | 9.0.0-p18 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p19 (including) | 9.0.0-p19 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p2 (including) | 9.0.0-p2 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p20 (including) | 9.0.0-p20 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p21 (including) | 9.0.0-p21 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p22 (including) | 9.0.0-p22 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p23 (including) | 9.0.0-p23 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p24 (including) | 9.0.0-p24 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p24.1 (including) | 9.0.0-p24.1 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p25 (including) | 9.0.0-p25 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p26 (including) | 9.0.0-p26 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p27 (including) | 9.0.0-p27 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p28 (including) | 9.0.0-p28 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p29 (including) | 9.0.0-p29 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p3 (including) | 9.0.0-p3 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p30 (including) | 9.0.0-p30 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p31 (including) | 9.0.0-p31 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p32 (including) | 9.0.0-p32 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p33 (including) | 9.0.0-p33 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p34 (including) | 9.0.0-p34 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p35 (including) | 9.0.0-p35 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p36 (including) | 9.0.0-p36 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p37 (including) | 9.0.0-p37 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p38 (including) | 9.0.0-p38 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p39 (including) | 9.0.0-p39 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p4 (including) | 9.0.0-p4 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p40 (including) | 9.0.0-p40 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p41 (including) | 9.0.0-p41 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p42 (including) | 9.0.0-p42 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p5 (including) | 9.0.0-p5 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p6 (including) | 9.0.0-p6 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p7 (including) | 9.0.0-p7 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p8 (including) | 9.0.0-p8 (including) |
Zimbra_collaboration_suite | Synacor | 9.0.0-p9 (including) | 9.0.0-p9 (including) |