uTalk

Official forum for Utopia Community

You are not logged in.

#1 2023-07-14 23:19:01

thrive
Member
Registered: 2023-01-04
Posts: 2,575

Zimbra Issues Warning Regarding Critical 0-Day Email Software Flaw

fH6zyNT.png
A serious zero-day security vulnerability in Zimbra's email software has been identified and is currently being actively exploited in the wild, the company has warned.

A security flaw in the 8.8 version of the Zimbra Collaboration Suite. 15 have emerged that may have an effect on the integrity and confidentiality of your data, the business warned in a warning.

In addition, it stated that the problem had been solved and that a patch release in July would bring it to light. There are currently no additional details available regarding the bug.

Customers are being urged to perform a manual fix in the interim to close the attack vector.

Copy the file /opt/zimbra/jetty/webapps/zimbra/m/momoveto into a backup.
Mark line 40 in this file for editing.

Input the following value for the parameter:.

The line read: prior to the update.
Cross-site scripting (XSS) flaw being exploited in the wild as part of a targeted attack, according to Google Threat Analysis Group (TAG) researcher Maddie Stone, who works for the company despite the fact that it withheld details of active exploitation. Clément Lecigne, a TAG researcher, is credited with finding and reporting the bug.

The information was made public at the same time that Cisco patched a serious software flaw in its SD-WAN vManage product (CVE-2023-20214, CVSS score: 9.1) that could have allowed an unauthenticated, remote attacker to gain read permissions or restricted write permissions to the configuration of a Cisco SD-WAN vManage instance that was affected.

According to the company, "a successful exploit could permit the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance.". "A successful exploit could give the attacker access to the configuration of the impacted Cisco vManage instance and allow them to retrieve and send information there. ".


Versions 20.6 have a fix for the vulnerability.
20.6, 3.4. 20.6, 4.2. 20.9, 5.5. Three twos, twenty tens.
1 and 2 as well as 21. 1.2. The company that manufactures networking equipment claimed it was unaware of any malicious use of the flaw.

Offline

Board footer

Powered by FluxBB