Zimbra Fixes A Zero-Day Vulnerability Exploited in Attacks
Zimbra Fixes A Zero-Day Vulnerability Exploited in Attacks
Threat Level
Vulnerability Report
For a detailed threat advisory, download the pdf file here
Summary
The vulnerability (CVE-2023-37580) in Zimbra Collaboration Suite (ZCS) version 8.8.15 is a Cross-Site Scripting (XSS) flaw in the Zimbra Classic Web Client interface. Its impact is severe as it can compromise the confidentiality and integrity of the user’s data. The exploitation of this vulnerability has already been observed in targeted cyberattacks, posing significant risks to the affected systems and their users.
To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.