CVE-2022-37041: 
Zimbra Collaboration Server vulnerability analysis and mitigation

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. The vulnerability allows the value of the X-Forwarded-Host header to overwrite the value of the Host header in proxied requests. The X-Forwarded-Host header value is not validated against the whitelist of hosts that ZCS is allowed to proxy to (the zimbraProxyAllowedDomains setting) (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. The issue is classified as a Server-Side Request Forgery (SSRF) vulnerability (CWE-918) that could allow unauthorized access to internal services (NVD).

The vulnerability allows attackers to bypass the host whitelist validation, potentially enabling unauthorized access to internal services through header manipulation. This could lead to high-severity integrity impacts while not affecting confidentiality or availability (NVD, Zimbra Security).

The vulnerability was fixed in Zimbra Collaboration Suite 9.0.0 Patch 26 and 8.8.15 Patch 33. Organizations are strongly advised to upgrade to these patched versions to mitigate the risk (Zimbra Advisories).

The vulnerability was reported by Nicolas VERDIER of onepoint. It was rated as having a Low severity impact by Zimbra despite its High CVSS score, suggesting some mitigating factors in real-world exploitation scenarios (Zimbra Advisories).