Zimbra Fixes Under-Attack Code Execution Bug


Zimbra, a maker of messaging and collaboration software, has hurriedly released patches to address a code execution vulnerability that has already been used to install malware on target computers.

The patches were released more than a week after Rapid7’s malware researchers discovered indications that the Zimbra Collaboration (ZCS) suite was being targeted by zero-day exploits. The flaw, identified as CVE-2022-41352, enables remote code execution and lets an attacker install a shell in the web root.

The bug, which has a CVSS severity rating of 9.8/10, could allow an attacker to use the cpio package to gain improper access to any other user accounts. Zimbra also fixed numerous cross-site scripting (XSS) vulnerabilities that put webmail users at risk of data breach attacks.
