Zimbra | Breaking Cybersecurity News | The Hacker News

Zimbra Releases Patch for Actively Exploited Vulnerability in its Collaboration Suite

Oct 17, 2022
Zimbra has released patches to contain an actively exploited security flaw in its enterprise collaboration suite that could be leveraged to upload arbitrary files to vulnerable instances. Tracked as CVE-2022-41352 (CVSS score: 9.8), the issue affects a component of the Zimbra suite called Amavis, an open source content filter, and more specifically, the cpio utility it uses to scan and extract archives. The flaw, in turn, is said to be rooted in another underlying vulnerability (CVE-2015-1197) that was first disclosed in early 2015, which according to Flashpoint was rectified, only to be subsequently reverted in later Linux distributions. "An attacker can use cpio package to gain incorrect access to any other user accounts," Zimbra said in an advisory published last week, adding it "recommends pax over cpio." Fixes are available in the following versions - Zimbra 9.0.0 Patch 27 and Zimbra 8.8.15 Patch 34. All an adversary seeking needs to do to weapo
Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite

Oct 08, 2022
A severe remote code execution vulnerability in Zimbra's enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue. The shortcoming, assigned CVE-2022-41352, carries a critical-severity rating of CVSS 9.8, providing a pathway for attackers to upload arbitrary files and carry out malicious actions on affected installations. "The vulnerability is due to the method (cpio) in which Zimbra's antivirus engine (Amavis) scans inbound emails," cybersecurity firm Rapid7 said in an analysis published this week. The issue is said to have been abused since early September 2022, according to details shared on Zimbra forums. While a fix is yet to be released, the software services company is urging users to install the "pax" utility and restart the Zimbra services. "If the pax package is not installed, Amavis will fall-back to using cpio, unfortunately the fall-back is i
Researchers Warn of Ongoing Mass Exploitation of Zimbra RCE Vulnerability

Aug 12, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two flaws to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The two high-severity issues relate to weaknesses in Zimbra Collaboration, both of which could be chained to achieve unauthenticated remote code execution on affected email servers - CVE-2022-27925 (CVSS score: 7.2) - Remote code execution (RCE) through mboximport from authenticated user (fixed in versions 8.8.15 Patch 31 and 9.0.0 Patch 24 released in March); CVE-2022-37042 - Authentication bypass in MailboxImportServlet (fixed in versions 8.8.15 Patch 33 and 9.0.0 Patch 26 released in August). "If you are running a Zimbra version that is older than Zimbra 8.8.15 patch 33 or Zimbra 9.0.0 patch 26 you should update to the latest patch as soon as possible," Zimbra warned earlier this week. CISA has not shared any information on the attacks exploiting the flaws but cybersecurity fi
CISA Adds Zimbra Email Vulnerability to its Exploited Vulnerabilities Catalog

Aug 05, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed high-severity vulnerability in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue in question is CVE-2022-27924 (CVSS score: 7.5), a command injection flaw in the platform that could lead to the execution of arbitrary Memcached commands and theft of sensitive information. "Zimbra Collaboration (ZCS) allows an attacker to inject memcached commands into a targeted instance which causes an overwrite of arbitrary cached entries," CISA said. Specifically, the bug relates to a case of insufficient validation of user input that, if successfully exploited, could enable attackers to steal cleartext credentials from users of targeted Zimbra instances. The issue was disclosed by SonarSource in June, with patches released by Zimbra on May 10, 2022, in versions 8.8.15 P31.1 and 9.0.0 P24.1. CISA hasn
New UnRAR Vulnerability Could Let Attackers Hack Zimbra Webmail Servers

Jun 29, 2022
A new security vulnerability has been disclosed in RARlab's UnRAR utility that, if successfully exploited, could permit a remote attacker to execute arbitrary code on a system that relies on the binary. The flaw, assigned the identifier CVE-2022-30333, relates to a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a maliciously crafted RAR archive. Following responsible disclosure on May 4, 2022, the shortcoming was addressed by RarLab as part of version 6.12 released on May 6. Other versions of the software, including those for Windows and Android operating systems, are not impacted. "An attacker is able to create files outside of the target extraction directory when an application or victim user extracts an untrusted archive," SonarSource researcher Simon Scannell said in a Tuesday report. "If they can write to a known location, they are likely to be able to leverage it in a way leading to the execution of arb
New Zimbra Email Vulnerability Could Let Attackers Steal Your Login Credentials

Jun 14, 2022
A new high-severity vulnerability has been disclosed in the Zimbra email suite that, if successfully exploited, enables an unauthenticated attacker to steal cleartext passwords of users sans any user interaction. "With the consequent access to the victims' mailboxes, attackers can potentially escalate their access to targeted organizations and gain access to various internal services and steal highly sensitive information," SonarSource said in a report shared with The Hacker News. Tracked as CVE-2022-27924 (CVSS score: 7.5), the issue has been characterized as a case of "Memcached poisoning with unauthenticated request," leading to a scenario where an adversary can inject malicious commands and siphon sensitive information. This is made possible by poisoning the IMAP route cache entries in the Memcached server that's used to look up Zimbra users and forward their HTTP requests to appropriate backend services. Memcached is an in-memory key-value sto
CISA adds recently disclosed Zimbra bug to its Exploited Vulnerabilities Catalog

Mar 01, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities Catalog to include a recently disclosed zero-day flaw in the Zimbra email platform citing evidence of active exploitation in the wild. Tracked as CVE-2022-24682 (CVSS score: 6.1), the issue concerns a cross-site scripting (XSS) vulnerability in the Calendar feature in Zimbra Collaboration Suite that could be abused by an attacker to trick users into downloading arbitrary JavaScript code simply by clicking a link to exploit URLs in phishing messages. The Known Exploited Vulnerabilities Catalog is a repository of security flaws that have been seen abused by threat actors in attacks and that are required to be patched by Federal Civilian Executive Branch (FCEB) agencies. The vulnerability came to light on February 3, 2022, when cybersecurity firm Volexity identified a series of targeted spear-phishing campaigns aimed at European government and media entities that leve
Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users

Feb 04, 2022
A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021. The espionage operation — codenamed "EmailThief" — was detailed by cybersecurity company Volexity in a technical report published Thursday, noting that successful exploitation of the cross-site scripting (XSS) vulnerability could result in the execution of arbitrary JavaScript code in the context of the user's Zimbra session. Volexity attributed the intrusions, which started on December 14, 2021, to a previously undocumented hacking group it's tracking under the moniker TEMP_HERETIC, with the assaults aimed at European government and media entities. The zero-day bug impacts the most recent open-source edition of Zimbra running version 8.8.15. The attacks are believed to have occurred in two phases; the first stage aimed at reconnaissance and distribut
New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email

Jul 27, 2021
Cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra email collaboration software that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure. The flaws — tracked as CVE-2021-35208 and CVE-2021-35209 — were discovered and reported in Zimbra 8.8.15 by researchers from code quality and security solutions provider SonarSource in May 2021. Mitigations have since been released in Zimbra versions 8.8.15 Patch 23 and 9.0.0 Patch 16. CVE-2021-35208 (CVSS score: 5.4) - Stored XSS Vulnerability in ZmMailMsgView.java; CVE-2021-35209 (CVSS score: 6.1) - Proxy Servlet Open Redirect Vulnerability. "A combination of these vulnerabilities could enable an unauthenticated attacker to compromise a complete Zimbra webmail server of a targeted organization," said SonarSource vulnerability researcher, Simon Scannell, who identif