
Zimbra Issues Urgent Warning to Users About Zero-Day Flaw in Email Software
A serious zero-day security issue in Zimbra’s email software has been actively exploited in the wild, the company has warned.
“A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced,” the company said in an advisory.
The problem has been fixed, and a patch release in July is anticipated, according to the statement. There are no other details available at this time regarding the bug.
In the interim, it is urging customers to apply a manual fix to eliminate the attack vector –
- Take a backup of the file /opt/zimbra/jetty/webapps/zimbra/m/momoveto
- Edit this file and go to line number 40
- Update the parameter value as: <input name="st" type="hidden" value="${fn:escapeXml(param.st)}"/>
- Before the update, the line appeared as: <input name="st" type="hidden" value="${param.st}"/>
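The manual fix above as a repeatable check-and-apply script. This is an added example, not part of Zimbra's advisory: the file path and both forms of the line are the ones quoted in the steps, while `BACKUP_DIR`, the function names and the `check`/`apply` arguments are assumptions.

```shell
#!/bin/sh
# Added example: check and apply the "st" escaping fix from the advisory steps.
# ZIMBRA_JSP is the path given on the page; BACKUP_DIR is an assumed location
# outside the webapp tree so the old copy is not left next to the live file.
ZIMBRA_JSP="/opt/zimbra/jetty/webapps/zimbra/m/momoveto"
BACKUP_DIR="${BACKUP_DIR:-/var/tmp}"
RAW='value="${param.st}"'                      # line as it appeared before the update
ESCAPED='value="${fn:escapeXml(param.st)}"'    # line after the update

# st_status FILE: prints vulnerable | patched | unknown
st_status() {
    if grep -qF "$RAW" "$1" 2>/dev/null; then
        echo vulnerable                        # any raw occurrence left counts
    elif grep -qF "$ESCAPED" "$1" 2>/dev/null; then
        echo patched
    else
        echo unknown                           # file missing or layout differs
    fi
}

# apply_st_fix FILE: back up, rewrite the raw expression, verify. Idempotent.
apply_st_fix() {
    case $(st_status "$1") in
        patched)    return 0 ;;
        vulnerable) ;;
        *) echo "st input not found in $1; inspect it by hand" >&2; return 2 ;;
    esac
    bak="$BACKUP_DIR/$(basename "$1").$(date +%Y%m%d%H%M%S).bak"
    cp -p "$1" "$bak" || return 1              # step 1: take the backup first
    # Read from the backup and write over the original so owner and mode are kept.
    sed 's/value="\${param\.st}"/value="${fn:escapeXml(param.st)}"/g' "$bak" > "$1" \
        || { cp -p "$bak" "$1"; return 1; }
    grep -nF "$ESCAPED" "$1" >&2               # show the line number that changed
    [ "$(st_status "$1")" = patched ]
}

# Stand-alone use: "check" reports state, "apply" performs the edit.
case "${1:-}" in
    check) st_status "${2:-$ZIMBRA_JSP}" ;;
    apply) apply_st_fix "${2:-$ZIMBRA_JSP}" ;;
esac
```

The line number printed by `apply` can be compared against the line 40 named in the steps; an `unknown` result means the file does not contain either quoted form and should be inspected by hand.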
Although the company withheld specifics of active exploitation, Google Threat Analysis Group (TAG) analyst Maddie Stone said the cross-site scripting (XSS) weakness was found being exploited in the wild as part of a targeted attack. Clément Lecigne, a TAG researcher, is credited with finding and reporting the flaw.
The information was made public at the same time that Cisco patched a serious software flaw in its SD-WAN vManage product (CVE-2023-20214, CVSS score: 9.1) that could have given an unauthenticated, remote attacker access to the configuration of an affected Cisco SD-WAN vManage instance.
“A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance,” Cisco said.
The vulnerability has been addressed in versions 20.6.3.4, 20.6.4.2, 20.6.5.5, 20.9.3.2, 20.10.1.2, and 20.11.1.2. The networking equipment major said it’s not aware of any malicious use of the flaw.