Zimbra recently addressed a severe zero-day vulnerability found actively exploited in the wild. While the vulnerability previously received a fix, Zimbra re-released the XSS zero-day patch with the latest software version, urging users to update.
Active Exploitation Detected For Zimbra XSS Zero-Day Vulnerability
Zimbra recently rolled out a critical update, urging all users to update immediately, following the reports about active exploitation of a security flaw. Specifically, the zero-day vulnerability affects the Zimbra Collaboration Suite (ZCS) email servers, allowing an adversary to perform cross-site scripting (XSS) attacks.
As stated in the advisory, the latest ZCS version 10.0.2 addresses numerous security issues, including an XSS zero-day CVE-2023-38750.
This vulnerability first caught the attention of the researcher Clément Lecigne from Google Threat Analysis Group. Following his report, Zimbra patched the flaw with the release of ZCS 8.8.15, asking users to update their systems manually. Zimbra didn’t disclose anything about active exploitation attempts for the flaw at that time. However, another Google TAG researcher Maddie Stone, confirmed in a tweet that the vulnerability went under attack before the patch could arrive.
.@_clem1 discovered this being used in-the-wild in a targeted attack. Thank you to @Zimbra for publishing this advisory and mitigation advice! If you run Zimbra Collaboration Suite, please go manually apply the fix! #itw0days https://t.co/lqwt0kOFWA
— Maddie Stone (@maddiestone) July 13, 2023
Now, a couple of weeks following the initial disclosure, Zimbra has released another major update with the patch for CVE-2023-38750. Regarding the flaw, the release notes simply describe it as a vulnerability exposing internal JSP and XML files.
In addition to this XSS, the latest update also addressed another vulnerability – CVE-2023-0464. The advisory describes it as an OpenSSL package vulnerability “related to the verification of X.509 certificate chains that include policy constraints.”
Besides Zimbra and the researchers’ community, the US CISA also urged all Zimbra users to update their devices with the latest ZCS versions. CISA also added this vulnerability to its Known Exploited Vulnerabilities Catalog, emphasizing all federal organizations update their systems as well.
Before this vulnerability, CISA also warned all organizations of another zero-day affecting Ivanti EPMM, adding the flaw to its catalog.
Let us know your thoughts in the comments.