What is CVE-2019-6980 and which Zimbra versions are affected?
CVE-2019-6980 is a remote code execution vulnerability caused by insecure deserialization in Zimbra Collaboration Suite, affecting versions 8.7.x through 8.8.11. Exploitation typically relies on chaining with an SSRF vulnerability (CVE-2019-9621) to inject a malicious serialized object into the memcached cache, which is then deserialized when an IMAP request triggers the vulnerability. For a detailed walkthrough of the exploitation process, see the Zimbra Deserialization Vulnerability (CVE-2019-6980) Exploitation Test.
CVE-2019-6980, Zimbra deserialization, remote code execution, affected versions, Zimbra Collaboration Suite