CISA Adds One Known Exploited Vulnerability to Catalog

On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed that it has identified a high-severity vulnerability in the Zimbra email platform. Based on evidence of active exploitation, the vulnerability has now been added to its Known Exploited Vulnerabilities Catalog.
Researchers are currently investigating CVE-2022-27924 (CVSS score: 7.5), a command injection flaw in the platform that could allow the execution of arbitrary Memcached commands and the theft of important data.
Vulnerabilities of this kind are seen frequently and, according to the data, pose a higher risk to the federal enterprise.
“Zimbra Collaboration (ZCS) allows an attacker to inject Memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries,” CISA added.
The attack was first reported by SonarSource in June, with patches released by Zimbra on May 10, 2022, in versions 8.8.15 P31.1 and 9.0.0 P24.1.
Before installing 9.0.0 Patch 24.1, users are advised to consider the following:
• Patches are cumulative.
• Zimlet patches remove existing Zimlets and redeploy the patched Zimlet. 
• Before applying the patch, a full backup should be performed. […]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents