Zimbra Fixes Under-Attack Code Execution Bug


Share post:

Zimbra, a maker of messaging and collaboration software, has hurriedly released patches to address a code execution vulnerability that has already been used to install malware on target computers.

The patches were released more than a week after Rapid7’s malware researchers discovered indications that the Zimbra Collaboration (ZCS) suite was being targeted by zero-day exploits. The flaw, identified as CVE-2022-41352, enables remote code execution and lets an attacker install a shell in the web root.

The bug, which has a CVSS severity rating of 9.8/10, could give an attacker the opportunity to access the cio package in an erroneous manner for any other user accounts. Zimbra fixed numerous cross-site scripting (XSS) vulnerabilities that put webmail users at risk of data breach attacks.

TalkDev Bureau
TalkDev Bureau
The TalkDev Bureau has five well-trained writers and journalists, well versed in B2B enterprise technology industry, and constantly in touch with industry leaders for the latest trends, opinions, and other inputs- to bring you the best and latest in the domain.


Please enter your comment!
Please enter your name here


Related articles

Mojo Vision Collaborates with DigiLens to Integrate High-Performance micro-LED with Breakthrough SRG+ Technology and Waveguides

Mojo Vision has collaborated with DigiLens to integrate its micro-LED technology with DigiLens' breakthrough surface relief gratings (SRG)...

Airbyte Unveils Data Infrastructure Content Hub for Data Engineers

Airbyte, an open-source data integration platform, declared the launch of a new comprehensive content hub for data engineers...

Why Component-Based is the Future of Front-End Development

Component-based development has transformed the methodologies of front-end development, giving the procedure the much-needed speedup At the time, developers...

Console Connect and Vultr Partner to Deliver On-Demand Cloud Access Worldwide

This week at CloudFest USA, Console Connect, a leading Network-as-a-Service (NaaS) platform, and Vultr, the world’s largest privately held cloud...