What is CVE-2019-9621 and how does it affect Zimbra authentication?
CVE-2019-9621 is an SSRF vulnerability in Zimbra that allows an attacker to escalate a regular user token to an administrator token by abusing the `ProxyServlet.doProxy()` function. When a crafted request is sent to `/service/proxy?target=https://127.0.0.1:7071/service/admin/soap`, the server proxies the request and returns an admin token. This technique is detailed in the Zimbra SOAP API Development Guide.
CVE-2019-9621, SSRF, privilege escalation, administrator token, Zimbra vulnerability