Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2019-9621
HistoryApr 30, 2019 - 6:29 p.m.

CVE-2019-9621

2019-04-3018:29:08
CWE-918
[email protected]
web.nvd.nist.gov
6

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.899

Percentile

98.9%

JSON

Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.

Affected configurations

Nvd
Node
zimbracollaboration_serverRange<8.6.0
OR
zimbracollaboration_serverRange8.7.08.7.11
OR
zimbracollaboration_serverRange8.8.08.8.10
OR
zimbracollaboration_serverMatch8.6.0-
OR
zimbracollaboration_serverMatch8.6.0p1
OR
zimbracollaboration_serverMatch8.6.0p10
OR
zimbracollaboration_serverMatch8.6.0p11
OR
zimbracollaboration_serverMatch8.6.0p12
OR
zimbracollaboration_serverMatch8.6.0p2
OR
zimbracollaboration_serverMatch8.6.0p3
OR
zimbracollaboration_serverMatch8.6.0p4
OR
zimbracollaboration_serverMatch8.6.0p5
OR
zimbracollaboration_serverMatch8.6.0p6
OR
zimbracollaboration_serverMatch8.6.0p7
OR
zimbracollaboration_serverMatch8.6.0p8
OR
zimbracollaboration_serverMatch8.6.0p9
OR
zimbracollaboration_serverMatch8.7.11-
OR
zimbracollaboration_serverMatch8.7.11p1
OR
zimbracollaboration_serverMatch8.7.11p2
OR
zimbracollaboration_serverMatch8.7.11p3
OR
zimbracollaboration_serverMatch8.7.11p4
OR
zimbracollaboration_serverMatch8.7.11p5
OR
zimbracollaboration_serverMatch8.7.11p6
OR
zimbracollaboration_serverMatch8.7.11p7
OR
zimbracollaboration_serverMatch8.7.11p8
OR
zimbracollaboration_serverMatch8.7.11p9
OR
zimbracollaboration_serverMatch8.8.10-
OR
zimbracollaboration_serverMatch8.8.10p1
OR
zimbracollaboration_serverMatch8.8.10p2
OR
zimbracollaboration_serverMatch8.8.10p3
OR
zimbracollaboration_serverMatch8.8.10p4
OR
zimbracollaboration_serverMatch8.8.10p5
OR
zimbracollaboration_serverMatch8.8.10p6
OR
zimbracollaboration_serverMatch8.8.11-
OR
zimbracollaboration_serverMatch8.8.11p1
OR
zimbracollaboration_serverMatch8.8.11p2
VendorProductVersionCPE
zimbracollaboration_server*cpe:2.3:a:zimbra:collaboration_server:*:*:*:*:*:*:*:*
zimbracollaboration_server8.6.0cpe:2.3:a:zimbra:collaboration_server:8.6.0:-:*:*:*:*:*:*
zimbracollaboration_server8.6.0cpe:2.3:a:zimbra:collaboration_server:8.6.0:p1:*:*:*:*:*:*
zimbracollaboration_server8.6.0cpe:2.3:a:zimbra:collaboration_server:8.6.0:p10:*:*:*:*:*:*
zimbracollaboration_server8.6.0cpe:2.3:a:zimbra:collaboration_server:8.6.0:p11:*:*:*:*:*:*
zimbracollaboration_server8.6.0cpe:2.3:a:zimbra:collaboration_server:8.6.0:p12:*:*:*:*:*:*
zimbracollaboration_server8.6.0cpe:2.3:a:zimbra:collaboration_server:8.6.0:p2:*:*:*:*:*:*
zimbracollaboration_server8.6.0cpe:2.3:a:zimbra:collaboration_server:8.6.0:p3:*:*:*:*:*:*
zimbracollaboration_server8.6.0cpe:2.3:a:zimbra:collaboration_server:8.6.0:p4:*:*:*:*:*:*
zimbracollaboration_server8.6.0cpe:2.3:a:zimbra:collaboration_server:8.6.0:p5:*:*:*:*:*:*
Rows per page:
1-10 of 341

Related

exploitdb 2
cvelist 1
saint 3
attackerkb 1
cve 1
packetstorm 2
zdt 2
prion 1
osv 1
metasploit 1
thn 1
exploitdb
exploitdb
Zimbra &lt; 8.8.11 - XML External Entity Injection / Server-Side Request Forgery
2019-06-05 00:00:00
Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit)
2019-04-12 00:00:00
cvelist
cvelist
CVE-2019-9621
2019-04-30 17:40:53
saint
saint
Zimbra Collaboration Suite ProxyServlet Server Side Request Forgery
2019-06-06 00:00:00
Zimbra Collaboration Suite ProxyServlet Server Side Request Forgery
2019-06-06 00:00:00
Zimbra Collaboration Suite ProxyServlet Server Side Request Forgery
2019-06-06 00:00:00
attackerkb
attackerkb
Zimbra Collaboration Suite ProxyServlet SSRF
2019-04-30 00:00:00
cve
cve
CVE-2019-9621
2019-04-30 18:29:08
packetstorm
packetstorm
Zimbra XML Injection / Server-Side Request Forgery
2019-06-05 00:00:00
Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF
2019-04-11 00:00:00
zdt
zdt
Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery Vulnerability
2019-06-06 00:00:00
Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF Exploit
2019-04-11 00:00:00
prion
prion
Design/Logic Flaw
2019-04-30 18:29:00
osv
osv
CVE-2019-9621
2019-04-30 18:29:08
metasploit
metasploit
Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF
2019-04-01 12:32:57
thn
thn
Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities
2023-09-19 11:10:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.899

Percentile

98.9%

JSON
Related for NVD:CVE-2019-9621
exploitdb2cvelist1saint3attackerkb1cve1packetstorm2zdt2prion1osv1metasploit1thn1