The UNESCO-UNEVOC International Centre: Who We Are | What We Do | Donors and partners | Working With Us | Get in Touch
The UNEVOC Network: Learn About the Network | UNEVOC Network Directory | UNEVOC Network Spotlight
For Members: UNEVOC Centre Dashboard
cve20207796 zimbra collaboration suite full
Thematic Areas: Inclusion and Youth | Digital Transformation | Private Sector Engagement | SDGs and Greening TVET
Our Key Programmes & Projects: BILT: Bridging Innovation and Learning in TVET | Building TVET resilience | TVET Leadership Programme | WYSD: World Youth Skills Day | UNEVOC Network Coaction Initiative
Past Activities: COVID-19 response | i-hubs project | TVET Global Forums | Virtual Conferences | YEM Knowledge Portal
CVE-2020-7796 is a critical vulnerability in the Zimbra
Publications & guides: Publications | Greening TVET guide | Entrepreneurial learning guide | Inclusion in TVET guide
Resources: TVET Forum | TVETipedia Glossary | Global Skills Tracker | TVET Country Profiles | Innovative and Promising Practices | Open Educational Resources | Digital Competence Frameworks | TVET Toolkits
Events: Major TVET Events | UNEVOC Network News
cve20207796 zimbra collaboration suite full
CVE-2020-7796 is a critical vulnerability in the Zimbra Collaboration Suite, a popular open-source email and collaboration platform. The vulnerability allows an unauthenticated attacker to exploit a weakness in the Zimbra suite, potentially leading to unauthorized access to sensitive information.
A proof-of-concept exploit has been publicly disclosed, demonstrating how an attacker can exploit the vulnerability to read sensitive files and execute system commands.
The vulnerability, CVE-2020-7796, was discovered in the Zimbra Collaboration Suite version prior to 8.8.15 Patch 10. The issue lies in the Zimbra's REST (Representational State of Resource) API, which is used to manage and interact with the suite's features. An attacker can send a crafted HTTP request to the REST API, which can lead to a Blind Command Injection.
