Zimbra has warned of a critical zero-day security flaw in its email software that has been actively exploited in the wild.
“A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that has the potential to impact the confidentiality and integrity of your data has emerged,” the company said. said in an advisory.
It also says that the issue has been resolved and is expected to ship in the July patch release. Additional details about defects are currently unavailable.
For a while, it urged customers to implement manual repair to eliminate attack vectors –
- Take a backup of the file /opt/zimbra/jetty/webapps/zimbra/m/momoveto
- Edit this file and open line number 40
- Update parameter values as:
- Before the update the line appeared as:
While the company doesn’t disclose details of active exploits, Google Threat Analysis Group (TAG) researcher Maddie Stone said it finds cross-site scripts (XSS) flaw that is abused in the wild as part of a targeted attack. TAG researcher Clément Lecigne has been credited with finding and reporting the bug.
Protecting Against Insider Threats: SaaS Master Security Posture Management
Worried about insider threats? We are here to help you! Join this webinar to explore practical strategies and secrets to proactive security with SaaS Security Posture Management.
The disclosure comes as Cisco released a patch to remedy a critical flaw in its SD-WAN vManage software (CVE-2023-20214, CVSS score: 9.1) that allowed unauthenticated remote attackers to gain read permissions or limited write permissions for configurations from vManage instances Affected Cisco SD-WAN.
A successful exploit could allow an attacker to retrieve information from and send configuration information to the affected Cisco vManage instance. said. “A successful exploit could allow an attacker to retrieve information from and send configuration information to the affected Cisco vManage instance.”
The vulnerability has been addressed in versions 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, and 126.96.36.199. The network equipment department said it was not aware of any malicious use of the flaw.