{"id":"CVE-2019-6981","details":"Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component.","modified":"2026-07-08T05:55:07.549458288Z","published":"2019-05-29T22:29:01.460Z","database_specific":{"unresolved_ranges":[{"source":"CPE_STRING","extracted_events":[{"introduced":"8.8.9-p6"},{"last_affected":"8.8.9-p6"},{"introduced":"8.8.9-p6"},{"last_affected":"8.8.9-p6"},{"introduced":"8.8.9-p6"},{"last_affected":"8.8.9-p6"},{"introduced":"8.8.9-p6"},{"last_affected":"8.8.9-p6"}],"cpes":["cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p6:*:*:*:*:*:*"],"vendor_product":"synacor:zimbra_collaboration_suite"}]},"references":[{"type":"ADVISORY","url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"},{"type":"REPORT","url":"https://bugzilla.zimbra.com/show_bug.cgi?id=109096"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/zimbra/zm-build","events":[{"introduced":"0"},{"fixed":"6c3c77b328a0d7d3bafecb79d202960217922ef0"},{"fixed":"5000d7ff7c8650dbfff91678647fabc2bbf0e64b"},{"introduced":"6c3c77b328a0d7d3bafecb79d202960217922ef0"},{"last_affected":"31312ceebfeba104e1e2a16c554e734125b911d1"}],"database_specific":{"source":["CPE_RANGE","CPE_STRING"],"cpe":["cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:-:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p1:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p10:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p2:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p3:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p4:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p5:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p6:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p7:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p8:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p9:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:-:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p1:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p3:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:-:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.11:-:*:*:*:*:*:*"],"extracted_events":[{"introduced":"8.7.0"},{"fixed":"8.7.11"},{"introduced":"8.8.0"},{"fixed":"8.8.9"},{"introduced":"8.7.11-NA"},{"last_affected":"8.7.11-NA"},{"introduced":"8.7.11-p1"},{"last_affected":"8.7.11-p1"},{"introduced":"8.7.11-p10"},{"last_affected":"8.7.11-p10"},{"introduced":"8.7.11-p2"},{"last_affected":"8.7.11-p2"},{"introduced":"8.7.11-p3"},{"last_affected":"8.7.11-p3"},{"introduced":"8.7.11-p4"},{"last_affected":"8.7.11-p4"},{"introduced":"8.7.11-p5"},{"last_affected":"8.7.11-p5"},{"introduced":"8.7.11-p6"},{"last_affected":"8.7.11-p6"},{"introduced":"8.7.11-p7"},{"last_affected":"8.7.11-p7"},{"introduced":"8.7.11-p8"},{"last_affected":"8.7.11-p8"},{"introduced":"8.7.11-p9"},{"last_affected":"8.7.11-p9"},{"introduced":"8.8.9-NA"},{"last_affected":"8.8.9-NA"},{"introduced":"8.8.9-p1"},{"last_affected":"8.8.9-p1"},{"introduced":"8.8.9-p3"},{"last_affected":"8.8.9-p3"},{"introduced":"8.8.10-NA"},{"last_affected":"8.8.10-NA"},{"introduced":"8.8.11-NA"},{"last_affected":"8.8.11-NA"}]}}],"versions":["8.7.11-NA","8.7.11-p1","8.7.11-p10","8.7.11-p2","8.7.11-p3","8.7.11-p4","8.7.11-p5","8.7.11-p6","8.7.11-p7","8.7.11-p8","8.7.11-p9","8.8.10-NA","8.8.11-NA","8.8.9-NA","8.8.10","8.8.11.p3","8.8.11","8.8.9.p3","8.8.9.p1","8.8.9","8.8.8","8.7.11","8.8.7","8.8.6","8.8.4","8.8.3","8.8.2","8.8.0.beta1","8.7.10","8.7.9","8.7.7","8.7.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6981.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/zimbra/zm-mailbox","events":[{"introduced":"0"},{"fixed":"65929222951131db2cbb2378accbdd5f2fac0980"},{"fixed":"d5dcfa4470bbb057d961a28fc9c35717eeaa7225"},{"introduced":"65929222951131db2cbb2378accbdd5f2fac0980"},{"last_affected":"a8851178b07ae98eae9ddfe23ba59109d51a93d6"}],"database_specific":{"source":["CPE_RANGE","CPE_STRING"],"cpe":["cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:-:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p1:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p10:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p2:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p3:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p4:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p5:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p6:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p7:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p8:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p9:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:-:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p1:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p2:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p3:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p4:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p7:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p8:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:-:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p2:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p3:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p4:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p6:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.11:-:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.11:p2:*:*:*:*:*:*"],"extracted_events":[{"introduced":"8.7.0"},{"fixed":"8.7.11"},{"introduced":"8.8.0"},{"fixed":"8.8.9"},{"introduced":"8.7.11-NA"},{"last_affected":"8.7.11-NA"},{"introduced":"8.7.11-p1"},{"last_affected":"8.7.11-p1"},{"introduced":"8.7.11-p10"},{"last_affected":"8.7.11-p10"},{"introduced":"8.7.11-p2"},{"last_affected":"8.7.11-p2"},{"introduced":"8.7.11-p3"},{"last_affected":"8.7.11-p3"},{"introduced":"8.7.11-p4"},{"last_affected":"8.7.11-p4"},{"introduced":"8.7.11-p5"},{"last_affected":"8.7.11-p5"},{"introduced":"8.7.11-p6"},{"last_affected":"8.7.11-p6"},{"introduced":"8.7.11-p7"},{"last_affected":"8.7.11-p7"},{"introduced":"8.7.11-p8"},{"last_affected":"8.7.11-p8"},{"introduced":"8.7.11-p9"},{"last_affected":"8.7.11-p9"},{"introduced":"8.8.9-NA"},{"last_affected":"8.8.9-NA"},{"introduced":"8.8.9-p1"},{"last_affected":"8.8.9-p1"},{"introduced":"8.8.9-p2"},{"last_affected":"8.8.9-p2"},{"introduced":"8.8.9-p3"},{"last_affected":"8.8.9-p3"},{"introduced":"8.8.9-p4"},{"last_affected":"8.8.9-p4"},{"introduced":"8.8.9-p7"},{"last_affected":"8.8.9-p7"},{"introduced":"8.8.9-p8"},{"last_affected":"8.8.9-p8"},{"introduced":"8.8.10-NA"},{"last_affected":"8.8.10-NA"},{"introduced":"8.8.10-p2"},{"last_affected":"8.8.10-p2"},{"introduced":"8.8.10-p3"},{"last_affected":"8.8.10-p3"},{"introduced":"8.8.10-p4"},{"last_affected":"8.8.10-p4"},{"introduced":"8.8.10-p6"},{"last_affected":"8.8.10-p6"},{"introduced":"8.8.11-NA"},{"last_affected":"8.8.11-NA"},{"introduced":"8.8.11-p2"},{"last_affected":"8.8.11-p2"}]}}],"versions":["8.7.11-NA","8.7.11-p1","8.7.11-p10","8.7.11-p2","8.7.11-p3","8.7.11-p4","8.7.11-p5","8.7.11-p6","8.7.11-p7","8.7.11-p8","8.7.11-p9","8.8.10-NA","8.8.10-p2","8.8.10-p3","8.8.10-p4","8.8.10-p6","8.8.11-NA","8.8.11-p2","8.8.9-NA","8.8.9-p1","8.8.9-p2","8.8.9-p3","8.8.9-p4","8.8.9-p7","8.8.9-p8","8.8.8","8.7.6","8.8.11.p2","8.8.11","8.8.7","8.8.6","8.8.5","8.8.4","8.8.3","8.8.2","8.7.10","8.7.9","8.7.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6981.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/zimbra/zm-zcs","events":[{"introduced":"0"},{"fixed":"e177bad87d5312e7b2cd1915ae8c0cd2528cacdb"},{"fixed":"d36a4c8999c6377b7ae36c22f47bbea75974e8cc"},{"introduced":"e177bad87d5312e7b2cd1915ae8c0cd2528cacdb"},{"last_affected":"9aefd1afbab7e83046c6dceac5351fc52a026648"}],"database_specific":{"source":["CPE_RANGE","CPE_STRING"],"cpe":["cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:-:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p1:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:-:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:-:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.11:-:*:*:*:*:*:*"],"extracted_events":[{"introduced":"8.7.0"},{"fixed":"8.7.11"},{"introduced":"8.8.0"},{"fixed":"8.8.9"},{"introduced":"8.7.11-NA"},{"last_affected":"8.7.11-NA"},{"introduced":"8.7.11-p1"},{"last_affected":"8.7.11-p1"},{"introduced":"8.8.9-NA"},{"last_affected":"8.8.9-NA"},{"introduced":"8.8.10-NA"},{"last_affected":"8.8.10-NA"},{"introduced":"8.8.11-NA"},{"last_affected":"8.8.11-NA"}]}}],"versions":["8.7.11-NA","8.7.11-p1","8.8.10-NA","8.8.11-NA","8.8.9-NA","8.8.11","8.8.10","8.8.9","8.8.8","8.7.11","8.8.7","8.8.6","8.8.5","8.8.4","8.8.3","8.8.2","8.8.0beta2","8.8.0.beta1","8.7.10","8.7.9","8.7.7","8.7.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6981.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/zimbra/zm-zcs-lib","events":[{"introduced":"0"},{"fixed":"a1cbf80618e47b3cf0894cbbcaec1da9bece583c"},{"fixed":"6e5ea502a8b78a16e1c2d1d51331b62c31eb4c7e"},{"introduced":"a1cbf80618e47b3cf0894cbbcaec1da9bece583c"},{"last_affected":"f44a0aee0f5b049a48b4400c0a0332a2817a3f19"}],"database_specific":{"source":["CPE_RANGE","CPE_STRING"],"cpe":["cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:-:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p3:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p4:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:-:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p3:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:-:*:*:*:*:*:*","cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.11:-:*:*:*:*:*:*"],"extracted_events":[{"introduced":"8.7.0"},{"fixed":"8.7.11"},{"introduced":"8.8.0"},{"fixed":"8.8.9"},{"introduced":"8.7.11-NA"},{"last_affected":"8.7.11-NA"},{"introduced":"8.7.11-p3"},{"last_affected":"8.7.11-p3"},{"introduced":"8.7.11-p4"},{"last_affected":"8.7.11-p4"},{"introduced":"8.8.9-NA"},{"last_affected":"8.8.9-NA"},{"introduced":"8.8.9-p3"},{"last_affected":"8.8.9-p3"},{"introduced":"8.8.10-NA"},{"last_affected":"8.8.10-NA"},{"introduced":"8.8.11-NA"},{"last_affected":"8.8.11-NA"}]}}],"versions":["8.7.11-NA","8.7.11-p3","8.8.10-NA","8.8.11-NA","8.8.9-NA","8.8.9-p3","8.8.11","8.8.10","8.8.9","8.8.8","8.7.11","8.8.7","8.8.6","8.8.5","8.8.4","8.8.3","8.8.2","8.8.0.beta1","8.7.10","8.7.9","8.7.7","8.7.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6981.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}