Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS

Zimbra addressed a zero-day vulnerability exploited in attacks aimed at Zimbra Collaboration Suite (ZCS) email servers.

Two weeks ago Zimbra urged customers to manually install updates to fix a zero-day vulnerability, now tracked as CVE-2023-38750, that is actively exploited in attacks against Zimbra Collaboration Suite (ZCS) email servers.

Zimbra Collaboration Suite is a comprehensive open-source messaging and collaboration platform that provides email, calendaring, file sharing, and other collaboration tools. It was developed by Zimbra, Inc

The vulnerability is reflected Cross-Site Scripting (XSS) that was discovered by Clément Lecigne of Google Threat Analysis Group (TAG). Google TAG researchers focus on identifying and countering advanced and persistent threats. The primary task of the Google TAG is to investigate and mitigate targeted and sophisticated cyber threats, including state-sponsored hacking and hacking groups involved in coordinated attacks.

Almost any vulnerability reported by Google TAG in the past was part of exploits used by APT groups in targeted attacks. The popular security researcher Maddie Stone from Google TAG confirmed that this issue was used by an APT group too.

Zimbra this week released version ZCS 10.0.2 which also addressed the vulnerability.

“The release includes security fixes for a bug that could lead to exposure of internal JSP and XML files has been fixed” reads the advisory.

CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog and ordered federal agencies to fix this flaw by August 17, 2023.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.” reads the CISA’s announcement

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

Follow me on Twitter: @securityaffairs Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Zimbra)

Pierluigi Paganini: Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

This website uses cookies.