Saturday, August 20, 2022

CISA Adds Zimbra Email Vulnerability to its Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed high-severity vulnerability in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation.

The issue in question is CVE-2022-27924 (CVSS score: 7.5), a command injection flaw in the platform that could lead to the execution of arbitrary Memcached commands and theft of sensitive information.


“Zimbra Collaboration (ZCS) allows an attacker to inject memcached commands into a targeted instance which causes an overwrite of arbitrary cached entries,” CISA said.

Specifically, the bug relates to a case of insufficient validation of user input that, if successfully exploited, could enable attackers to steal cleartext credentials from users of targeted Zimbra instances.
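The input-validation failure described above, shown as an added example that is not Zimbra's code and not from the original article: it uses the generic memcached text protocol, where one command is one CRLF-terminated line, and compares an unchecked command builder with one that enforces the protocol's key rules. The key layout, sample inputs and function names are assumptions made for illustration.

```python
import re

# Memcached text protocol: each command is one CRLF-terminated line; a key is
# at most 250 bytes and must not contain whitespace or control characters.
MAX_KEY_LEN = 250
_FORBIDDEN = re.compile(rb"[\x00-\x20\x7f]")

# Constructed sample inputs (hypothetical key layout, not taken from Zimbra).
BENIGN = "route:proto=imap;user=alice@example.test"
CRLF_INPUT = "alice@example.test\r\nstats"


def build_get_unchecked(key: str) -> bytes:
    """Weak pattern: caller-supplied text is placed on the command line as-is."""
    return b"get " + key.encode("utf-8") + b"\r\n"


def build_get_checked(key: str) -> bytes:
    """Hardened pattern: refuse keys that could end the line or add a token."""
    raw = key.encode("utf-8")
    if not raw or len(raw) > MAX_KEY_LEN:
        raise ValueError("key length out of range")
    if _FORBIDDEN.search(raw):
        raise ValueError("key contains whitespace or control characters")
    return b"get " + raw + b"\r\n"


def count_lines(wire: bytes) -> int:
    """How many CRLF-terminated lines the server would parse from this buffer."""
    return sum(1 for line in wire.split(b"\r\n") if line)


def is_rejected(key: str) -> bool:
    """True when the checked builder refuses the key."""
    try:
        build_get_checked(key)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for label, key in (("benign", BENIGN), ("crlf", CRLF_INPUT)):
        print(label, count_lines(build_get_unchecked(key)), is_rejected(key))
```

With the unchecked builder, the input containing a line break reaches the server as two protocol lines instead of one; the checked builder refuses it before anything is sent.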

The issue was disclosed by SonarSource in June, with patches released by Zimbra on May 10, 2022, in versions 8.8.15 P31.1 and 9.0.0 P24.1.

CISA hasn’t shared technical details of the attacks that exploit the vulnerability in the wild and has yet to attribute it to a certain threat actor.

In light of active exploitation of the flaw, users are recommended to apply the updates to the software to reduce their exposure to potential cyberattacks.


