Blog | G5 Cyber Security

Zimbra Server Bugs Could Lead to Email Plundering

Two bugs in Zimbra, now patched though not in older versions, can be chained to take over a Zimbra server by doing nothing more than sending a malicious email. The first is a cross-site scripting (XSS) flaw in the webmail client: it fires as soon as the recipient opens a message carrying a JavaScript payload. The second is a server-side request forgery (SSRF) vulnerability, CVE-2021-35209, that any authenticated user of the targeted organization can exploit, whatever their permission role. Chained together, the XSS runs in the victim's authenticated webmail session, which is all the SSRF needs; the SSRF then makes the server fetch internal resources on the attacker's behalf, typically the instance-metadata endpoints of the cloud it runs in, yielding access tokens such as Google Cloud API tokens or AWS IAM credentials from instances within that cloud infrastructure.

Source: https://threatpost.com/zimbra-server-bugs-email-plundering/168188/
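The second step of the chain works because the server will fetch whatever URL it is handed, including the cloud metadata service. As an added example (this is illustrative code, not Zimbra's proxy nor anything from the Threatpost or SonarSource write-ups), here is a hypothetical outbound-URL guard in Python of the kind a fetch or proxy path should run before connecting: it resolves the target, refuses non-public addresses and known metadata hostnames, and pins the resolved IP so the caller cannot be rebound after the check. The function names, the `METADATA_HOSTNAMES` set, and the constructed `FAKE_DNS` table are assumptions for the demonstration; the real `_default_resolver` uses the standard library's `socket.getaddrinfo`.

```python
"""
Hypothetical outbound-URL guard for an SSRF-prone fetch/proxy path.
Allows only http(s) to public unicast addresses and refuses cloud
instance-metadata endpoints. Example code, not Zimbra's own.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

# Hostnames that reach a cloud metadata service. AWS, Azure and GCP all
# answer on the link-local address; GCP additionally answers on these names.
METADATA_HOSTNAMES = {"metadata.google.internal", "metadata", "169.254.169.254"}

# Constructed DNS table so the example runs offline; not real records.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    # An attacker-controlled name mixing a public and an internal record.
    "rebind.attacker.test": ["93.184.216.34", "10.0.0.5"],
}


def _default_resolver(hostname):
    """Resolve a hostname to every A/AAAA address it currently maps to."""
    infos = socket.getaddrinfo(hostname, None)
    return sorted({info[4][0] for info in infos})


def fake_resolver(hostname):
    """Offline stand-in for _default_resolver backed by FAKE_DNS."""
    if hostname in FAKE_DNS:
        return FAKE_DNS[hostname]
    raise socket.gaierror("no such host: " + hostname)


def is_disallowed_ip(ip):
    """True for any address an SSRF must never be allowed to reach."""
    ip = ipaddress.ip_address(ip)
    # Unwrap IPv4-mapped IPv6 (::ffff:169.254.169.254) so the v4 rules apply.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_outbound_url(url, resolver=_default_resolver):
    """
    Return (allowed, reason, pinned_ip).

    When allowed, the caller must connect to pinned_ip rather than
    re-resolving the name, otherwise a rebinding name can pass the check
    and then point at 169.254.169.254 at connect time.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed", None
    host = parts.hostname
    if not host:
        return False, "missing host", None
    if host.lower() in METADATA_HOSTNAMES:
        return False, "metadata endpoint", None
    try:
        # IP literal: no DNS involved, check it directly.
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        try:
            addrs = resolver(host)
        except (socket.gaierror, OSError):
            return False, "unresolvable host", None
        if not addrs:
            return False, "unresolvable host", None
    # Every address the name maps to must be public: a hostile name can
    # return one public and one internal record and hope we pick the former.
    for addr in addrs:
        if is_disallowed_ip(addr):
            return False, "non-public address " + addr, None
    return True, "ok", addrs[0]


if __name__ == "__main__":
    for candidate in (
        "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
        "http://metadata.google.internal/computeMetadata/v1/",
        "http://[::ffff:169.254.169.254]/",
        "http://rebind.attacker.test/",
        "file:///etc/passwd",
        "https://example.com/",
    ):
        print(candidate, "->", check_outbound_url(candidate, fake_resolver))
```

A guard like this is a secondary control only; the primary fix is applying the vendor patch. Defense in depth on the cloud side also helps: AWS IMDSv2 requires a session token obtained with a PUT request, and GCP's metadata server requires the `Metadata-Flavor: Google` header, both of which a plain GET relayed through an SSRF does not supply.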
