Headline
Zimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active Exploitation
Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild. “A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced,” the company said in an advisory. It also said that the issue has been addressed and that it’s expected to
Email Security / Vulnerability
Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild.
“A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced,” the company said in an advisory.
It also said that the issue has been addressed and that it’s expected to be delivered in the July patch release. Additional details about the flaw are currently unavailable.
In the interim, it is urging customers to apply a manual fix to eliminate the attack vector -
- Take a backup of the file /opt/zimbra/jetty/webapps/zimbra/m/momoveto
- Edit this file and go to line number 40
- Update the parameter value as: <input name="st" type="hidden" value="${fn:escapeXml(param.st)}"/>
- Before the update, the line appeared as: <input name="st" type="hidden" value="${param.st}"/>
While the company did not disclose details of active exploitation, Google Threat Analysis Group (TAG) researcher Maddie Stone said it discovered the cross-site scripting (XSS) flaw being abused in the wild as part of a targeted attack. TAG researcher Clément Lecigne has been credited with discovering and reporting the bug.
UPCOMING WEBINAR
Shield Against Insider Threats: Master SaaS Security Posture Management
Worried about insider threats? We’ve got you covered! Join this webinar to explore practical strategies and the secrets of proactive security with SaaS Security Posture Management.
Join Today
The disclosure comes as Cisco released patches to remediate a critical flaw in its SD-WAN vManage software (CVE-2023-20214, CVSS score: 9.1) that could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.
“A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance,” the company said. “A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance.”
The vulnerability has been addressed in versions 20.6.3.4, 20.6.4.2, 20.6.5.5, 20.9.3.2, 20.10.1.2, and 20.11.1.2. The networking equipment major said it’s not aware of any malicious use of the flaw.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Related news
A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is due to insufficient request validation when using the REST API feature. An attacker could exploit this vulnerability by sending a crafted API request to an affected vManage instance. A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance. This vulnerability only affects the REST API and does not affect the web-based management interface or the CLI.