CVE-2019-9621

🗓️ 30 Apr 2019 17:40:53Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 392 Views🌐 WEB

Zimbra Collaboration Suite SSRF vulnerabilit

Reporter	Title	Published	Views	Family All 24
0day.today	Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF Exploit	11 Apr 201900:00	–	zdt
0day.today	Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery Vulnerability	6 Jun 201900:00	–	zdt
GithubExploit	Exploit for Server-Side Request Forgery in Synacor Zimbra_Collaboration_Suite	6 May 201915:47	–	githubexploit
ATTACKERKB	Zimbra Collaboration Suite ProxyServlet SSRF	30 Apr 201900:00	–	attackerkb
Circl	CVE-2019-9621	10 Apr 201917:38	–	circl
CISA KEV Catalog	Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability	7 Jul 202500:00	–	cisa_kev
CISA	CISA Adds Four Known Exploited Vulnerabilities to Catalog	7 Jul 202512:00	–	cisa
Cvelist	CVE-2019-9621	30 Apr 201917:40	–	cvelist
Metasploit	Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF	1 Apr 201912:32	–	metasploit
Nuclei	Zimbra Collaboration Suite - SSRF	25 May 202604:37	–	nuclei

NVD

Node

synacor zimbra_collaboration_suiteRange<8.6.0

synacor zimbra_collaboration_suiteRange8.7.0–8.7.11

synacor zimbra_collaboration_suiteRange8.8.0–8.8.9

synacor zimbra_collaboration_suiteMatch8.6.0-

synacor zimbra_collaboration_suiteMatch8.6.0patch1

synacor zimbra_collaboration_suiteMatch8.6.0patch10

synacor zimbra_collaboration_suiteMatch8.6.0patch11

synacor zimbra_collaboration_suiteMatch8.6.0patch12

synacor zimbra_collaboration_suiteMatch8.6.0patch2

synacor zimbra_collaboration_suiteMatch8.6.0patch3

synacor zimbra_collaboration_suiteMatch8.6.0patch4

synacor zimbra_collaboration_suiteMatch8.6.0patch5

synacor zimbra_collaboration_suiteMatch8.6.0patch6

synacor zimbra_collaboration_suiteMatch8.6.0patch7

synacor zimbra_collaboration_suiteMatch8.6.0patch8

synacor zimbra_collaboration_suiteMatch8.6.0patch9

synacor zimbra_collaboration_suiteMatch8.7.11-

synacor zimbra_collaboration_suiteMatch8.7.11patch1

synacor zimbra_collaboration_suiteMatch8.7.11patch10

synacor zimbra_collaboration_suiteMatch8.7.11patch2

synacor zimbra_collaboration_suiteMatch8.7.11patch3

synacor zimbra_collaboration_suiteMatch8.7.11patch4

synacor zimbra_collaboration_suiteMatch8.7.11patch5

synacor zimbra_collaboration_suiteMatch8.7.11patch6

synacor zimbra_collaboration_suiteMatch8.7.11patch7

synacor zimbra_collaboration_suiteMatch8.7.11patch8

synacor zimbra_collaboration_suiteMatch8.7.11patch9

synacor zimbra_collaboration_suiteMatch8.8.9-

synacor zimbra_collaboration_suiteMatch8.8.9p5

synacor zimbra_collaboration_suiteMatch8.8.9patch1

synacor zimbra_collaboration_suiteMatch8.8.9patch2

synacor zimbra_collaboration_suiteMatch8.8.9patch3

synacor zimbra_collaboration_suiteMatch8.8.9patch4

synacor zimbra_collaboration_suiteMatch8.8.9patch6

synacor zimbra_collaboration_suiteMatch8.8.9patch7

synacor zimbra_collaboration_suiteMatch8.8.9patch8

synacor zimbra_collaboration_suiteMatch8.8.9patch9

synacor zimbra_collaboration_suiteMatch8.8.10-

synacor zimbra_collaboration_suiteMatch8.8.10patch1

synacor zimbra_collaboration_suiteMatch8.8.10patch2

synacor zimbra_collaboration_suiteMatch8.8.10patch3

synacor zimbra_collaboration_suiteMatch8.8.10patch4

synacor zimbra_collaboration_suiteMatch8.8.10patch6

synacor zimbra_collaboration_suiteMatch8.8.10patch7

synacor zimbra_collaboration_suiteMatch8.8.11-

synacor zimbra_collaboration_suiteMatch8.8.11patch1

synacor zimbra_collaboration_suiteMatch8.8.11patch2

synacor zimbra_collaboration_suiteMatch8.8.11patch3

Source	Link
wiki	www.wiki.zimbra.com/wiki/Zimbra_Security_Advisories
exploit-db	www.exploit-db.com/exploits/46693/
wiki	www.wiki.zimbra.com/wiki/Security_Center
bugzilla	www.bugzilla.zimbra.com/show_bug.cgi
packetstormsecurity	www.packetstormsecurity.com/files/153190/Zimbra-XML-Injection-Server-Side-Request-Forgery.html
packetstormsecurity	www.packetstormsecurity.com/files/152487/Zimbra-Collaboration-Autodiscover-Servlet-XXE-ProxyServlet-SSRF.html
blog	www.blog.zimbra.com/2019/03/9826/
blog	www.blog.tint0.com/2019/03/a-saga-of-code-executions-on-zimbra.html
rapid7	www.rapid7.com/db/modules/exploit/linux/http/zimbra_xxe_rce
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

Parameter	Position	Path	Description	CWE
XML payload	request body	Autodiscover/Autodiscover.xml	XXE/SSRF vector via Autodiscover endpoint using XML payload	CWE-918
account	request body	service/soap	Low-privilege authentication to Zimbra SOAP endpoint enabling further exploitation	CWE-918
password	request body	service/soap	Low-privilege authentication to Zimbra SOAP endpoint enabling further exploitation	CWE-918
target	query param	service/proxy?target=https://127.0.0.1:7071/service/admin/soap	SSRF to internal admin SOAP service via proxy endpoint	CWE-918
filename1	upload data	service/extension/clientUploader/upload	File upload that can deploy a malicious shell	CWE-918
clientFile	upload data	service/extension/clientUploader/upload	File upload that can deploy a malicious shell	CWE-918
requestId	upload data	service/extension/clientUploader/upload	File upload that can deploy a malicious shell	CWE-918

04 Nov 2025 16:46Current

7.5High risk

Vulners AI Score7.5

CVSS 25

CVSS 3.17.5

EPSS0.94113

SSVC