CVE-2020-7796: Zimbra Collaboration Suite
CVE-2020-27996 is a critical security vulnerability affecting Zimbra Collaboration Suite (ZCS), specifically versions prior to 8.8.15 Patch 12 and 9.0.0 Patch 4. It is classified as an unauthenticated, remote cross-site scripting (XSS) vulnerability that, when chained with other weaknesses, leads to full mailbox compromise and potential server takeover.
Zimbra allows extensions and custom handlers via Java servlets. One such servlet is the UserServlet (or ProxyServlet), which is designed to fetch resources on behalf of a user. This servlet accepts parameters that specify the target URL or resource path.
The flaw resides in how the servlet validates (or fails to validate) the file parameter. In a typical request:
https://zimbra.example.com/proxy?file=/some/localfile.txt
The servlet is supposed to restrict paths to within the Zimbra installation directory. However, due to insufficient sanitization, an attacker could supply a path with directory traversal (../) or inject command delimiters.
CVE-2020-27996 is a classic but powerful reflected XSS flaw in Zimbra Collaboration Suite, made severe due to Zimbra’s complex routing and proxy architecture. While its CVSS score is “Medium,” its real-world impact — especially when combined with CVE-2020-27995 — is full system compromise. Administrators must patch immediately or apply strict URL filtering to prevent exploitation.
Final recommendation: Always keep Zimbra Collaboration Suite updated. Subscribe to Zimbra’s security announcements and perform regular security audits of custom integrations and exposed servlets.
Last updated: 2026-04-19
References: NVD, Zimbra Security Advisories, Rapid7 Analysis, Project Discovery research.

The impact of this vulnerability is severe and multifaceted.

If upgrading is impossible, apply the following change in jetty.xml.in:
<Call name="addFilter">
<Arg>org.eclipse.jetty.servlet.DisabledProxyFilter</Arg>
</Call>
Note: This may break some Zimlet functionality.

CVE-2020-7796 represents a critical security vulnerability discovered in the Zimbra Collaboration Suite (ZCS), a popular email and collaboration platform used widely by enterprises and governments. This flaw allows an unauthenticated remote attacker to upload arbitrary files to the server. In specific configurations, this can lead to Remote Code Execution (RCE), granting the attacker full control over the mail server and access to sensitive email data.