Zimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active Exploitation
by kitang - Tuesday July 18, 2023 at 09:10 AM
#1
Zimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active Exploitation

Source:
https://thehackernews.com/2023/07/zimbra...-flaw.html

[Image: email.jpg]

Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild.

"A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced," the company said in an advisory.

It also said that the issue has been addressed and that it's expected to be delivered in the July patch release. Additional specifics about the flaw are currently unavailable, although Zimbra said it fixed the issue through input sanitization.

In the interim, it is urging customers to apply a manual fix to eliminate the attack vector -

    Take a backup of the file /opt/zimbra/jetty/webapps/zimbra/m/momoveto
    Edit this file and go to line number 40
    Update the parameter value as: <input name="st" type="hidden" value="${fn:escapeXml(param.st)}"/>
    Before the update, the line appeared as: <input name="st" type="hidden" value="${param.st}"/>

While the company did not disclose details of active exploitation, Google Threat Analysis Group (TAG) researcher Maddie Stone said it discovered the cross-site scripting (XSS) flaw being abused in the wild as part of a targeted attack. TAG researcher Clément Lecigne has been credited with discovering and reporting the bug.

The disclosure comes as Cisco released patches to remediate a critical flaw in its SD-WAN vManage software (CVE-2023-20214, CVSS score: 9.1) that could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.

"A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance," the company said. "A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance."

The vulnerability has been addressed in versions 20.6.3.4, 20.6.4.2, 20.6.5.5, 20.9.3.2, 20.10.1.2, and 20.11.1.2. The networking equipment major said it's not aware of any malicious use of the flaw.
Reply
#2
ok cool! i got a target, what now?
Hidden Content
You must register or login to view this content.
Reply
#3
yes, malas ransomware has play on it
Ban reason: Banned on DF (Permanent)
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  @emo Telegram zero day Exploit lulagain 16 2,218 02-09-2026, 01:58 PM
Last Post: etyhtrtgfrt
  Critical breach: RedDelta has gained control of military servers 11ndra 1 594 01-31-2026, 02:53 PM
Last Post: vinh
  Chinese hackers targeted email systems of US congressional staff 0xAm8r4 3 286 01-28-2026, 06:34 AM
Last Post: user_yufeng
  UK govt. warns about ongoing Russian hacktivist group attacks Shadowraser 4 249 01-27-2026, 08:27 PM
Last Post: exxxiko
  WinRAR zero-day exploited to plant malware on archive extraction lulagain 1 303 12-22-2025, 10:19 AM
Last Post: gu3st



 Users browsing this thread: