The vulnerability is specifically linked to the WebEx Zimlet ( com_zimbra_webex ) when the Zimlet JSP functionality is enabled.
Insufficient validation of user-supplied URLs within a Zimbra application component. Technical Impact cve20207796 zimbra collaboration suite full
In some scenarios, it may be possible to steal login credentials or inject malware through chained exploits. Current Threat Status The vulnerability is specifically linked to the WebEx
Implement network-level restrictions to limit the Zimbra server’s outbound connections only to trusted destinations. cve20207796 zimbra collaboration suite full
Attackers can send unauthorized requests to internal services that are normally protected by firewalls.
Upgrade to Zimbra Collaboration 8.8.15 Patch 7 or later . This version contains the necessary security fixes for this SSRF flaw.