Zimbra Zero-Day Demands Urgent Manual Update

Published: 23/11/2024   Category: security




A bug in Zimbra email servers is already being exploited in the wild, Google TAG researchers warn.



Teams running the Zimbra Collaboration Suite version 8.8.15 are urged to apply a manual fix against a recently discovered zero-day vulnerability that's being actively exploited in the wild.
The Zimbra cloud suite offers email, calendar functions, and other enterprise collaboration tools. The vulnerability compromises the security of data on Zimbra servers, the company said in its security advisory.
"A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced," the company said. "We take this matter very seriously and have already taken immediate action to address the issue."
The reflected cross-site scripting (XSS) vulnerability was discovered by Google Threat Analysis Group (TAG) researcher Clément Lecigne. Fellow TAG researcher Maddie Stone confirmed the Zimbra zero-day is being targeted in the wild in a July 13 tweet.
Although Zimbra has a fix, it won't roll out automatically until its scheduled July update, which is why the company is asking customers to manually apply a fix to all mailbox nodes.
The company urges its users to take the following steps:
1. Take a backup of the file /opt/zimbra/jetty/webapps/zimbra/m/momoveto
2. Edit this file and go to line number 40
3. Update the parameter value as below

Before the update, the line appeared as below

After the update, the line should appear as below:

Zimbra added in its security advisory that a service restart is not required.
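
One way to script the backup step and confirm the manual edit on each mailbox node, as an added example that is not part of Zimbra's advisory or the original article. The function names are hypothetical, and the check only confirms that line 40 alone differs from the backup, not that the new value matches the advisory.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not Zimbra tooling.
# The path and line number are the ones given in the steps above.
ZIMBRA_FILE="${ZIMBRA_FILE:-/opt/zimbra/jetty/webapps/zimbra/m/momoveto}"
TARGET_LINE=40

# Step 1: keep a timestamped copy (mode and owner preserved); print its path.
backup_file() {
    src=$1
    bak="$src.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$src" "$bak" || return 1
    printf '%s\n' "$bak"
}

# Step 2: print the line to be edited so it can be compared with the advisory.
show_line() {
    sed -n "${2}p" "$1"
}

# After the edit: compare the live file with the backup.
# Returns 0 = only the target line was changed in place
#         1 = file is identical to the backup (edit not applied)
#         2 = other lines changed, or lines were added or removed
check_edit() {
    bak=$1; cur=$2; line=$3
    if cmp -s "$bak" "$cur"; then
        return 1
    fi
    # Normal-format diff hunk headers start with a digit, e.g. "40c40".
    hunks=$(diff "$bak" "$cur" | grep -E '^[0-9]' || true)
    if [ "$hunks" = "${line}c${line}" ]; then
        return 0
    fi
    return 2
}

# Typical use on a mailbox node (run as a user that can read the file):
#   bak=$(backup_file "$ZIMBRA_FILE")
#   show_line "$ZIMBRA_FILE" "$TARGET_LINE"
#   ... edit line 40 as the advisory describes ...
#   check_edit "$bak" "$ZIMBRA_FILE" "$TARGET_LINE"; echo "result: $?"
```

A result of 2 means the edit touched more than line 40, in which case the backup path printed by `backup_file` is the copy to restore from before retrying.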
The risk for not patching is real: Zimbra products are popular among advanced persistent threat (APT) and other cyber-threat groups. Earlier this year, the North Korean government was discovered using a Zimbra zero-day vulnerability to spy on a collection of medical and energy sector organizations. Months earlier, in late 2022, threat actors were discovered actively exploiting a remote code execution vulnerability in Zimbra email servers.
Last November, the Cybersecurity and Infrastructure Security Agency (CISA) issued a blanket warning that if enterprises were running Zimbra collaboration suites, they should assume they have been compromised.
