Zimbra is urging administrators to manually fix the zero-day bug that is being exploited to compromise Zimbra Collaboration Suite (ZCS) email servers.
Zimbra is an email and collaboration platform currently used by more than 200,000 businesses in more than 140 countries, including more than 1,000 governments and financial institutions worldwide.
According to Bleeping Computer, Synacor – the parent company of Zimbra – has warned of a security vulnerability in ZCS version 8.8.15 that could potentially affect the security and integrity of data. The fix is expected to be rolled out in July.
The vulnerability, which has not yet been assigned a CVE, is a Cross-Site Scripting (XSS) bug discovered and reported by security researcher Clement Lecigne of Google’s Threat Analysis Group (TAG). By exploiting it, threat actors can steal sensitive user information or execute malicious code on vulnerable systems.
Although Zimbra did not say whether the vulnerability was used in attacks, Maddie Stone of the Google TAG team said the XSS vulnerability was discovered because it was part of a targeted attack.
While it has not yet provided a security patch to address the exploited zero-day, Zimbra has provided a fix that administrators can install manually to remove the attack vector. The fix can be applied without restarting the Zimbra service.
In recent years, many Zimbra bugs have been used by hackers to compromise hundreds of email servers around the world. In June 2022, Zimbra’s remote code execution and authentication bypass flaws were exploited to infiltrate more than 1,000 servers. By September of the same year, hackers exploited an unpatched RCE vulnerability in ZCS, damaging nearly 900 servers in just two months.
The Russian hacker group Winter Vivern also targeted another XSS bug in Zimbra in February 2023 to compromise the online email portals of NATO-affiliated governments and steal the emails of officials, governments and military personnel.