Cve20207796 Zimbra Collaboration Suite Full ((install))

However, the most efficient attack bypasses this by directly injecting into the extension parameter of the UserServlet .

For more technical details and patch instructions, visit the Zimbra Tech Center Release Notes . CVE-2020-7796 Detail - NVD cve20207796 zimbra collaboration suite full

She crafts a SOAP request to localhost:7071 asking for an auth token for admin@logi-core.local . The SSRF replies with a valid admin session key. However, the most efficient attack bypasses this by