Zimbra Collaboration Suite Cross-Site Scripting Vulnerability (CVE-2023-37580) Added to CISA Known Exploited Vulnerabilities Catalog

Attackers are exploiting a critical Zimbra Collaboration Suite cross-site scripting vulnerability. CVE-2023-37580 affects the Zimbra Classic Web Client. Successful exploitation of the vulnerability may allow an attacker to compromise the confidentiality and integrity of the target system. CISA has added CVE-2023-37580 to its Known Exploited Vulnerabilities Catalog, urging users to apply the patch before …

Zimbra Collaboration Suite Cross-Site Scripting (XSS) Zero-day Vulnerability

There is a critical severity vulnerability affecting the Zimbra Collaboration Suite. The cross-site scripting vulnerability allows an attacker to impact the confidentiality and integrity of the user’s data. Zimbra has mentioned in the security update that “The fix is planned to be delivered in the July patch release.” Zimbra Collaboration Suite is a widely deployed …

Multiple Vulnerabilities Patched In Zimbra Collaboration Suite (ZCS)

Zimbra has issued a security update to address multiple vulnerabilities in its Collaboration Suite (ZCS) product. The CVEs patched in the latest security update of ZCS are CVE-2022-27926, CVE-2021-40438, CVE-2021-39275, CVE-2021-21702, CVE-2022-27925, and CVE-2022-27924. CISA has included CVE-2022-27926 in its Known Exploited Vulnerabilities Catalog. Zimbra Collaboration Suite is a widely deployed web client and email …

Zimbra Collaboration Suite Remote Code Execution Vulnerability (CVE-2022-41352)

Zimbra Collaboration Suite (ZCS) has an actively exploited remote code execution vulnerability. Tracked as CVE-2022-41352, it is a critical severity vulnerability with a CVSS base score of 9.8. The vulnerability could allow an unauthenticated attacker to upload arbitrary files through Amavis (an email security system). Zimbra Collaboration Suite is a widely deployed web client and …