Zimbra Fixes Under-Attack Code Execution Bug


Share post:

Zimbra, a maker of messaging and collaboration software, has hurriedly released patches to address a code execution vulnerability that has already been used to install malware on target computers.

The patches were released more than a week after Rapid7’s malware researchers discovered indications that the Zimbra Collaboration (ZCS) suite was being targeted by zero-day exploits. The flaw, identified as CVE-2022-41352, enables remote code execution and lets an attacker install a shell in the web root.

The bug, which has a CVSS severity rating of 9.8/10, could give an attacker the opportunity to access the cio package in an erroneous manner for any other user accounts. Zimbra fixed numerous cross-site scripting (XSS) vulnerabilities that put webmail users at risk of data breach attacks.

TalkDev Bureau
TalkDev Bureau
The TalkDev Bureau has five well-trained writers and journalists, well versed in B2B enterprise technology industry, and constantly in touch with industry leaders for the latest trends, opinions, and other inputs- to bring you the best and latest in the domain.


Please enter your comment!
Please enter your name here


Related articles

KAP Project Services Releases All-in-One STO Software Platform

KAP Project Services proudly announces the launch of the new STOlogix software platform. KAP has been combining the...

Klas announces Kortex V for decentralized decision making

Klas, a global leader in edge technology, announces the availability of Kortex V, a scalable mobile command post...

Netskope To Deliver Security Service Edge Globally

Netskope, a leader in Secure Access Service Edge (SASE), today announced the completion of the rollout of Localization Zones to its NewEdge...

Rising Team Releases Mini Kits to Expand Its Team Development Platform

Rising Team announces its introduction of its Mini Kits. The Mini Kits will help leaders to increase trust...