Security

Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS

Zimbra addressed a zero-day vulnerability exploited in attacks aimed at Zimbra Collaboration Suite (ZCS) email servers.

Two weeks ago Zimbra urged customers to manually install updates to fix a zero-day vulnerability, now tracked as CVE-2023-38750, that is actively exploited in attacks against Zimbra Collaboration Suite (ZCS) email servers.

Zimbra Collaboration Suite is a comprehensive open-source messaging and collaboration platform that provides email, calendaring, file sharing, and other collaboration tools. It was developed by Zimbra, Inc

The vulnerability is reflected Cross-Site Scripting (XSS) that was discovered by Clément Lecigne of Google Threat Analysis Group (TAG). Google TAG researchers focus on identifying and countering advanced and persistent threats. The primary task of the Google TAG is to investigate and mitigate targeted and sophisticated cyber threats, including state-sponsored hacking and hacking groups involved in coordinated attacks.

Almost any vulnerability reported by Google TAG in the past was part of exploits used by APT groups in targeted attacks. The popular security researcher Maddie Stone from Google TAG confirmed that this issue was used by an APT group too.

Zimbra this week released version ZCS 10.0.2 which also addressed the vulnerability.

“The release includes security fixes for a bug that could lead to exposure of internal JSP and XML files has been fixed” reads the advisory.

CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog and ordered federal agencies to fix this flaw by August 17, 2023.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.” reads the CISA’s announcement

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

Follow me on Twitter: @securityaffairs Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Zimbra)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

U.S. CISA adds Linux Kernel flaws to its Known Exploited Vulnerabilities catalog<gwmw style="display:none;"></gwmw>

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux Kernel flaws to its Known Exploited Vulnerabilities…

5 hours ago

AkiraBot: AI-Powered spam bot evades CAPTCHA to target 80,000+ websites

AkiraBot, a CAPTCHA-evading Python framework, has spammed over 80,000 websites with AI-generated messages, targeting small…

10 hours ago

An APT group exploited ESET flaw to execute malware<gwmw style="display:none;"></gwmw>

At least one APT group has exploited a vulnerability in ESET software to stealthily execute…

12 hours ago

Oracle confirms the hack of two obsolete servers hacked. No Oracle Cloud systems or customer data were affected

Oracle confirmed a hacker stole credentials from two obsolete servers but said no Oracle Cloud…

14 hours ago

National Social Security Fund of Morocco Suffers Data Breach

Threat actor 'Jabaroot' claims breach of National Social Security Fund of Morocco, aiming to steal…

1 day ago

Critical Fortinet FortiSwitch flaw allows remote attackers to change admin passwords<gwmw style="display:none;"></gwmw><gwmw style="display:none;"></gwmw>

Fortinet addressed a critical vulnerability in its FortiSwitch devices that can be exploited to change…

1 day ago

This website uses cookies.