Zimbra Fixes Under-Attack Code Execution Bug


Share post:

Zimbra, a maker of messaging and collaboration software, has hurriedly released patches to address a code execution vulnerability that has already been used to install malware on target computers.

The patches were released more than a week after Rapid7’s malware researchers discovered indications that the Zimbra Collaboration (ZCS) suite was being targeted by zero-day exploits. The flaw, identified as CVE-2022-41352, enables remote code execution and lets an attacker install a shell in the web root.

The bug, which has a CVSS severity rating of 9.8/10, could give an attacker the opportunity to access the cio package in an erroneous manner for any other user accounts. Zimbra fixed numerous cross-site scripting (XSS) vulnerabilities that put webmail users at risk of data breach attacks.

TalkMartech Bureau
TalkMartech Bureau
TalkMarTech keeps marketing leaders updated with the newest technology innovations, disruptive tech initiatives, and the most relevant MarTech-stack updates and conversations across the globe.   ·.   ·


Please enter your comment!
Please enter your name here


Related articles

Sinequa Announces Jean Ferré as Co-Chief Executive Officer of the organization

Enterprise Search leader Sinequa today announced that Jean Ferré has succeeded Ulf Zetterberg as Co-Chief Executive Officer of the organization....

ZoomInfo Attains AWS Advertising and Marketing Technology Competency

ZoomInfo, the go-to-market platform to find, acquire, and grow customers, has achieved the Amazon Web Services (AWS) Advertising...

BMC Announces the BMC Helix Service Management solution

BMC, a global leader in software solutions for the Autonomous Digital Enterprise, and the first vendor to embed GPT across its...

mParticle Attains AWS Advertising and Marketing Technology Competency

mParticle, an AI-powered, real-time Customer Data Platform, announced today that it has achieved the Amazon Web Services (AWS)...