CISA Adds Zimbra Email Vulnerability to its Exploited Vulnerabilities Catalog

By Ravie Lakshmanan

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed high-severity vulnerability in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue in question is CVE-2022-27924 (CVSS score: 7.5), a command injection flaw in the platform that could lead to the execution of arbitrary

Related tags
August 5^th 2022 at 05:54

The Hacker News
New Zimbra Email Vulnerability Could Let Attackers Steal Your Login Credentials
June 14^th 2022 at 15:13

New Zimbra Email Vulnerability Could Let Attackers Steal Your Login Credentials

By Ravie Lakshmanan

A new high-severity vulnerability has been disclosed in the Zimbra email suite that, if successfully exploited, enables an unauthenticated attacker to steal cleartext passwords of users sans any user interaction. "With the consequent access to the victims' mailboxes, attackers can potentially escalate their access to targeted organizations and gain access to various internal services and steal

Related tags
June 14^th 2022 at 15:13