CVE-2019-9621

Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.

Published: Apr 30, 2019
Updated: Nov 5, 2025
CVE: CVE-2019-9621
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
synacor / zimbra_collaboration_suite	-	8.6.0
synacor / zimbra_collaboration_suite	8.7.0	8.7.11
synacor / zimbra_collaboration_suite	8.8.0	8.8.9
synacor / zimbra_collaboration_suite	8.6.0	8.6.0.x
synacor / zimbra_collaboration_suite	8.6.0-patch1	8.6.0-patch1.x
synacor / zimbra_collaboration_suite	8.6.0-patch10	8.6.0-patch10.x
synacor / zimbra_collaboration_suite	8.6.0-patch11	8.6.0-patch11.x
synacor / zimbra_collaboration_suite	8.6.0-patch12	8.6.0-patch12.x
synacor / zimbra_collaboration_suite	8.6.0-patch2	8.6.0-patch2.x
synacor / zimbra_collaboration_suite	8.6.0-patch3	8.6.0-patch3.x
synacor / zimbra_collaboration_suite	8.6.0-patch4	8.6.0-patch4.x
synacor / zimbra_collaboration_suite	8.6.0-patch5	8.6.0-patch5.x
synacor / zimbra_collaboration_suite	8.6.0-patch6	8.6.0-patch6.x
synacor / zimbra_collaboration_suite	8.6.0-patch7	8.6.0-patch7.x
synacor / zimbra_collaboration_suite	8.6.0-patch8	8.6.0-patch8.x
synacor / zimbra_collaboration_suite	8.6.0-patch9	8.6.0-patch9.x
synacor / zimbra_collaboration_suite	8.7.11	8.7.11.x
synacor / zimbra_collaboration_suite	8.7.11-patch1	8.7.11-patch1.x
synacor / zimbra_collaboration_suite	8.7.11-patch10	8.7.11-patch10.x
synacor / zimbra_collaboration_suite	8.7.11-patch2	8.7.11-patch2.x
synacor / zimbra_collaboration_suite	8.7.11-patch3	8.7.11-patch3.x
synacor / zimbra_collaboration_suite	8.7.11-patch4	8.7.11-patch4.x
synacor / zimbra_collaboration_suite	8.7.11-patch5	8.7.11-patch5.x
synacor / zimbra_collaboration_suite	8.7.11-patch6	8.7.11-patch6.x
synacor / zimbra_collaboration_suite	8.7.11-patch7	8.7.11-patch7.x
synacor / zimbra_collaboration_suite	8.7.11-patch8	8.7.11-patch8.x
synacor / zimbra_collaboration_suite	8.7.11-patch9	8.7.11-patch9.x
synacor / zimbra_collaboration_suite	8.8.9	8.8.9.x
synacor / zimbra_collaboration_suite	8.8.9-p5	8.8.9-p5.x
synacor / zimbra_collaboration_suite	8.8.9-patch1	8.8.9-patch1.x
synacor / zimbra_collaboration_suite	8.8.9-patch2	8.8.9-patch2.x
synacor / zimbra_collaboration_suite	8.8.9-patch3	8.8.9-patch3.x
synacor / zimbra_collaboration_suite	8.8.9-patch4	8.8.9-patch4.x
synacor / zimbra_collaboration_suite	8.8.9-patch6	8.8.9-patch6.x
synacor / zimbra_collaboration_suite	8.8.9-patch7	8.8.9-patch7.x
synacor / zimbra_collaboration_suite	8.8.9-patch8	8.8.9-patch8.x
synacor / zimbra_collaboration_suite	8.8.9-patch9	8.8.9-patch9.x
synacor / zimbra_collaboration_suite	8.8.10	8.8.10.x
synacor / zimbra_collaboration_suite	8.8.10-patch1	8.8.10-patch1.x
synacor / zimbra_collaboration_suite	8.8.10-patch2	8.8.10-patch2.x
synacor / zimbra_collaboration_suite	8.8.10-patch3	8.8.10-patch3.x
synacor / zimbra_collaboration_suite	8.8.10-patch4	8.8.10-patch4.x
synacor / zimbra_collaboration_suite	8.8.10-patch6	8.8.10-patch6.x
synacor / zimbra_collaboration_suite	8.8.10-patch7	8.8.10-patch7.x
synacor / zimbra_collaboration_suite	8.8.11	8.8.11.x
synacor / zimbra_collaboration_suite	8.8.11-patch1	8.8.11-patch1.x
synacor / zimbra_collaboration_suite	8.8.11-patch2	8.8.11-patch2.x
synacor / zimbra_collaboration_suite	8.8.11-patch3	8.8.11-patch3.x

Vulnerability Database

309,237

CVE-2019-9621

Deep Security Visibility Without the Complexity