2 matches found
New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email
Cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra email collaboration software that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud...
CVE-2021-35209
The CVE-2021-35209 issue affects Zimbra Collaboration Suite via the ProxyServlet /proxy implementation. The X-Host header can override the Host header in proxied requests, and the value is not validated against zimbraProxyAllowedDomains, enabling an SSRF-like possibility and open redirect behavio...