Zimbra Fixes A Zero-Day Vulnerability Exploited in Attacks

Threat Level

Vulnerability Report

For a detailed threat advisory, download the pdf file here

Summary

The vulnerability (CVE-2023-37580) in Zimbra Collaboration Suite (ZCS) version 8.8.15 is a Cross-Site Scripting (XSS) flaw in the Zimbra Classic Web Client interface. Its impact is severe as it can compromise the confidentiality and integrity of the user’s data. The exploitation of this vulnerability has already been observed in targeted cyberattacks, posing significant risks to the affected systems and their users.

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.