Multiple Vulnerabilities Patched In Zimbra Collaboration Suite (ZCS)

Zimbra has issued a security update to address multiple vulnerabilities in its Collaboration Suite (ZCS) product. The CVEs patched in the latest security update of ZCS are CVE-2022-27926, CVE-2021-40438, CVE-2021-39275, CVE-2021-21702, CVE-2022-27925, and CVE-2022-27924.

CISA has included CVE-2022-27926 in its Known Exploited Vulnerabilities Catalog; CVE-2022-27924 and CVE-2022-27925 were added to the same catalog in August 2022.

Zimbra Collaboration Suite is a widely deployed web client and email server that provides complete email, address book, calendar, and task solutions. All the apps are available on Zimbra Web Client, Zimbra Desktop offline client, Outlook, and various other email clients and mobile devices.

Description

CVE-2021-40438
A server-side request forgery in Apache HTTP Server mod_proxy (2.4.48 and earlier): a crafted request URI path can make mod_proxy forward the request to an origin server chosen by the remote user. Zimbra addressed it by upgrading the bundled Apache HTTP Server to 2.4.53.

CVE-2021-39275
An out-of-bounds write in Apache HTTP Server (2.4.48 and earlier): ap_escape_quotes() can write past the end of its buffer on malicious input. Zimbra addressed it with the same upgrade of the bundled Apache HTTP Server to 2.4.53.

CVE-2021-21702
A NULL pointer dereference in PHP's SoapClient: a malicious SOAP server can return malformed XML that crashes the PHP process (Denial of Service). Zimbra addressed it by upgrading the bundled PHP to 7.4.27.

CVE-2022-27926
Zimbra Collaboration Suite (ZCS) contains a reflected cross-site scripting vulnerability: an endpoint accepts URL parameters and reflects them into the page without sanitizing them, so a crafted link can run attacker-supplied script in the browser session of a user who opens it.

CVE-2022-27925
Zimbra Collaboration Suite (ZCS) is vulnerable to Remote Code Execution (RCE) through "mboximport" by an authenticated user. The mboximport endpoint receives a ZIP archive (a mailbox export) and extracts its files; because entry names were not checked for directory traversal, an authenticated user could write files to arbitrary locations on the server, which leads to code execution.
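The bug class behind CVE-2022-27925 is archive extraction that trusts entry names ("zip slip"). The following Python is an added example written for this page, not Zimbra's mboximport code: it builds a constructed archive containing one benign message and one entry whose name climbs out of the destination, shows where a naive extractor would write it, and extracts only the entries that resolve inside the destination directory. The archive contents, entry names and scratch directory are all assumptions made for the demonstration.

```python
import io
import os
import tempfile
import zipfile
from typing import Dict, List, Optional, Tuple


def build_sample_archive() -> bytes:
    """Constructed sample archive (not a real Zimbra mailbox export): one benign
    message entry and one entry whose name escapes the extraction directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Inbox/message1.eml", "From: alice@example.com\r\n\r\nhello\r\n")
        zf.writestr("../../escaped.txt", "written outside the mailbox directory\n")
    return buf.getvalue()


def resolve_member(dest_root: str, member_name: str) -> Optional[str]:
    """Absolute path an entry would be written to, or None when that path is
    not strictly inside dest_root (absolute names, '..' climbs, symlink hops)."""
    root = os.path.realpath(dest_root)
    target = os.path.realpath(os.path.join(root, member_name))
    if target == root or os.path.commonpath([root, target]) != root:
        return None
    return target


def planned_targets_unchecked(zip_bytes: bytes, dest_root: str) -> List[str]:
    """Where an extractor that trusts entry names would write each file.
    Only computes the paths; nothing is written, so the demo cannot harm the host."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [os.path.realpath(os.path.join(dest_root, info.filename))
                for info in zf.infolist()]


def extract_checked(zip_bytes: bytes, dest_root: str) -> Tuple[List[str], List[str]]:
    """Extract only entries that resolve inside dest_root; return (accepted, rejected)."""
    root = os.path.realpath(dest_root)
    accepted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = resolve_member(root, info.filename)
            if target is None:
                rejected.append(info.filename)  # traversal attempt: skip, and log in real code
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            accepted.append(os.path.relpath(target, root))
    return accepted, rejected


def run_demo() -> Dict[str, object]:
    """Extract the sample archive into a scratch directory and summarise the outcome."""
    archive = build_sample_archive()
    with tempfile.TemporaryDirectory() as scratch:
        root = os.path.realpath(scratch)
        escapes = [p for p in planned_targets_unchecked(archive, scratch)
                   if os.path.commonpath([root, p]) != root]
        accepted, rejected = extract_checked(archive, scratch)
        message_present = os.path.isfile(os.path.join(root, "Inbox", "message1.eml"))
    return {
        "unchecked_escapes": len(escapes),   # entries a naive extractor would write outside root
        "accepted": accepted,
        "rejected": rejected,
        "message_present": message_present,
    }


if __name__ == "__main__":
    print(run_demo())
```

The check is done on the resolved real path, not on the raw entry name: rejecting only names that start with "../" misses "a/../../x" and absolute names, and realpath also catches a destination that is itself reachable through a symlink.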

CVE-2022-27924
Zimbra Collaboration Suite (ZCS) contains a Memcached poisoning vulnerability: an unauthenticated attacker can inject arbitrary memcache commands into a targeted instance, because attacker-controlled input reaches the memcache text protocol unescaped, which allows arbitrary cached entries to be overwritten.

Affected Versions

  • Zimbra Collaboration Suite (ZCS) 9.0.0 before patch 24
  • Zimbra Collaboration Suite (ZCS) 8.8.15 before patch 31

Mitigation

Zimbra has patched these vulnerabilities in the following versions:

  • Zimbra Collaboration Suite (ZCS) 9.0.0 patch 24
  • Zimbra Collaboration Suite (ZCS) 8.8.15 patch 31
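To turn the affected and fixed versions above into a check, the following Python is an added example written for this page (not a Qualys or Zimbra tool): it parses the release line and patch level out of the text printed by `zmcontrol -v` and compares them with the fixed patch levels from this advisory. The assumed output shape is "Release <x.y.z>... , Patch <x.y.z>_P<n>."; the sample lines are constructed, not captured from a real host, and an install with no "Patch" suffix is treated as patch level 0 (an assumption).

```python
import re
from typing import Optional, Tuple

# Fixed patch level per release line, taken from the advisory above.
FIXED_PATCH = {"9.0.0": 24, "8.8.15": 31}

# Assumed shape of `zmcontrol -v` output (run as the zimbra user).
# The "Patch ..." part is optional: a GA install without it is treated as P0.
_VERSION_RE = re.compile(
    r"Release\s+(\d+\.\d+\.\d+)(?:.*?Patch\s+\d+\.\d+\.\d+_P(\d+))?", re.S
)


def parse_zmcontrol_version(text: str) -> Optional[Tuple[str, int]]:
    """Return (release, patch) from zmcontrol -v output, or None if unparseable."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    patch = int(m.group(2)) if m.group(2) else 0
    return m.group(1), patch


def is_vulnerable(release: str, patch: int) -> Optional[bool]:
    """True if the release line is in the advisory and the patch level is below
    the fixed one; False if at or above it; None if the line is not listed."""
    fixed = FIXED_PATCH.get(release)
    if fixed is None:
        return None
    return patch < fixed


def assess(zmcontrol_output: str) -> str:
    """Human-readable verdict for one host's zmcontrol -v output."""
    parsed = parse_zmcontrol_version(zmcontrol_output)
    if parsed is None:
        return "unknown: could not parse version string"
    release, patch = parsed
    verdict = is_vulnerable(release, patch)
    if verdict is None:
        return f"unknown: {release} P{patch} is not a release line covered by this advisory"
    if verdict:
        return f"vulnerable: {release} P{patch} (fixed in P{FIXED_PATCH[release]})"
    return f"patched: {release} P{patch}"


# Constructed sample outputs for the three cases.
SAMPLES = {
    "old": "Release 9.0.0_GA_4000.FOSS UBUNTU20_64 FOSS edition, Patch 9.0.0_P23.",
    "fixed": "Release 8.8.15_GA_3869.RHEL8_64_20190918004220 RHEL8_64 NETWORK edition, Patch 8.8.15_P31.",
    "other": "Release 8.8.12_GA_3794.RHEL7_64 RHEL7_64 FOSS edition, Patch 8.8.12_P5.",
}


if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(f"{name}: {assess(line)}")
```

A release line that is not 9.0.0 or 8.8.15 is reported as unknown rather than patched: anything older than 8.8.15 is out of support and receives no fix, so "not listed" must not be read as "safe".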

For more information, please refer to the Zimbra security advisory.

Qualys Detection

Qualys customers can scan their devices with QIDs 378336 and 376769 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://wiki.zimbra.com/wiki/Security_Center
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24#Security_Fixes
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P31#Security_Fixes
