πŸ”΄ CVE-2019-9621

Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration Suite's ProxyServlet component allows unauthenticated network-based exploitation. Zimbra is widely deployed as an internet-facing email and collaboration server, making this vulnerability directly exploitable from the internet against the server itself.

← Back to Overview
HIGH_RISK
Risk Level
7.5
CVSS Score
NETWORK
Attack Vector
Initial Access
ATT&CK Tactic
T1190 β€” Exploit Public-Facing Application
ATT&CK Technique
VERY_HIGH
Deployment Risk
No
Ransomware

πŸ“‹ Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2019-04-30

Added to CISA KEV: 2025-07-07 2260 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

πŸ” Web Intelligence (Kagi Β· 2026-06-04)

CVE-2019-9621 is a high-severity Server-Side Request Forgery (SSRF) vulnerability affecting the Synacor Zimbra Collaboration Suite (ZCS) [4] [1].

Exploitation and Threat Actor Usage
  • Active Exploitation: The vulnerability has been exploited in the wild [3].
  • Threat Actors: It has been notably associated with the threat actor group Earth Lusca, which has utilized this vulnerability in their operations [3].
  • Proof-of-Concept: Proof-of-concept (PoC) exploit code is publicly available for this vulnerability [2] [3].
Attack Method and Impact
  • Method: The vulnerability exists within the `ProxyServlet` component of Zimbra Collaboration Suite [2] [1]. It allows an attacker to manipulate proxy settings to force the server to make unauthorized requests to internal resources [1].
  • Requirements: This is a remote attack that does not require local access.
  • Impact: Successful exploitation allows an adversary to perform SSRF, which can be used to bypass network restrictions, access internal services, or potentially expose sensitive data that is otherwise inaccessible from the outside [1].
Affected Versions and Mitigation
The vulnerability affects the following versions of Zimbra Collaboration Suite:
  • Versions before 8.6 patch 13
  • 8.7.x versions before 8.7.11 patch 10
  • 8.8.x versions before 8.8.10 patch 7
  • 8.8.x versions before 8.8.11 patch 3
Users are advised to apply the relevant patches provided by the vendor to mitigate this risk [2] [1]. Additionally, this CVE is listed in CISA's Known Exploited Vulnerabilities (KEV) Catalog, emphasizing the importance of remediation [5].

Sources

  1. CVE-2019-9621 Description, Impact and Technical Details

    CVE-2019-9621 is a serious vulnerability affecting Zimbra Collaboration Suite versions before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3. This issue permits a Remote Server Response Splitting (SSRF) attack, where an attacker can trick t…

  2. NVD - CVE-2019-9621

    Secure .gov websites use HTTPS A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites. ... CVE-2019-9621 Detail. Description. Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before…

  3. CVE-2019-9621 - Exploits & Severity - Feedly

    CVEs. CVE-2019-9621. Exploit.CVE-2019-9621 is a critical vulnerability that has been exploited by Earth Lusca in the wild. There are proof-of-concept exploits available for this vulnerability, and it affects multiple server-based systems. Mitigations, detections, and patches should be implemented pr…

  4. CVE-2019-9621 | High Vulnerability in Synacor Zimbra ...

    CVE-2019-9621 is a high-severity Server-Side Request Forgery (SSRF) vulnerability that affects the Synacor Zimbra Collaboration Suite (ZCS).

  5. CVE-2019-9621 Detail - NVD

    This CVE is in CISA's Known Exploited Vulnerabilities Catalog. Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and ...

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

πŸ“„ Download JSON Data | πŸ“‘ RSS Feed