Zimbra Server Bugs Could Lead to Email Plundering (Security News, July 2021)
Two bugs, now patched except in older versions, could be chained to let attackers hijack a Zimbra server by simply sending a malicious email.
The Zimbra webmail server has two flaws that could let an attacker paw through the inbox and outbox of every employee in every enterprise that uses the immensely popular collaboration tool, researchers say.
According to Zimbra's site, its email and collaboration tools are used by over 200,000 businesses, over a thousand government and financial institutions, and hundreds of millions of users to exchange emails every day.
SonarSource researchers discovered two vulnerabilities in the open-source Zimbra code that can be chained together to give attackers unrestricted access to Zimbra mail servers and to all sent and received emails of all employees.
"Both vulnerabilities work on default configuration and are affecting the Zimbra core," one of the researchers told the outlet: a lot of potential impact, given the 200,000 businesses to which Zimbra lays claim.
In April, a Zimbra bug - CVE-2019-9670, in Synacor Zimbra Collaboration Suite - was one of five flaws under nation-state attack that prompted a National Security Agency warning about an APT29 campaign that was bent on stealing credentials and more.
News URL
https://threatpost.com/zimbra-server-bugs-email-plundering/168188/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-29 | CVE-2019-9670 | XXE vulnerability in Synacor Zimbra Collaboration Suite: the mailboxd component in Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml. | 9.8 |
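The XXE class of bug listed in the table comes from an XML parser that honours DTD and entity declarations in input it should not trust; the standard mitigation is to refuse any DOCTYPE from untrusted clients before the body is processed. The following is an added example, not Zimbra's code, using only the Python standard library: a parser target that rejects DTDs, applied to a constructed Autodiscover-style request. The element names, the helper names and the placeholder URI are assumptions made for illustration.

```python
# Added example (not Zimbra code): refuse DTDs in untrusted XML before the
# document is processed, which removes the XXE surface the CVE describes.
# The Autodiscover-style request shape below is constructed for illustration.
from typing import Optional
import xml.etree.ElementTree as ET


class UnsafeXML(ValueError):
    """Raised when an untrusted document carries a DOCTYPE/DTD."""


class NoDoctypeBuilder(ET.TreeBuilder):
    """TreeBuilder target that refuses any DOCTYPE declaration.

    Expat calls the target's doctype() hook as soon as it sees <!DOCTYPE ...>,
    which is where internal and external entity declarations live, so raising
    here stops entity handling before any element of the body is built.
    """

    def doctype(self, name, pubid, system):
        raise UnsafeXML(f"DOCTYPE {name!r} rejected: DTDs are not accepted")


def parse_untrusted_xml(raw: bytes) -> ET.Element:
    """Parse bytes from an untrusted client with DTD handling refused."""
    parser = ET.XMLParser(target=NoDoctypeBuilder())
    parser.feed(raw)
    return parser.close()


def is_dtd_rejected(raw: bytes) -> bool:
    """True when the document is refused specifically because it has a DTD."""
    try:
        parse_untrusted_xml(raw)
    except UnsafeXML:
        return True
    except ET.ParseError:
        return False
    return False


def autodiscover_email(raw: bytes) -> Optional[str]:
    """Return the EMailAddress from an Autodiscover-style request, or None
    when the document is rejected, malformed, or lacks the element."""
    try:
        root = parse_untrusted_xml(raw)
    except (UnsafeXML, ET.ParseError):
        return None
    return root.findtext(".//EMailAddress")


# Constructed samples. The element names mirror an Autodiscover request but
# are an assumption; they are not taken from Zimbra.
CLEAN_REQUEST = b"""<?xml version="1.0"?>
<Autodiscover>
  <Request>
    <EMailAddress>alice@example.invalid</EMailAddress>
  </Request>
</Autodiscover>"""

# The same request with a DTD prepended. The entity points at a placeholder;
# the point is that the document is refused before its body is read at all.
DTD_REQUEST = b"""<?xml version="1.0"?>
<!DOCTYPE Autodiscover [
  <!ENTITY ext SYSTEM "file:///PLACEHOLDER">
]>
<Autodiscover>
  <Request>
    <EMailAddress>&ext;</EMailAddress>
  </Request>
</Autodiscover>"""

if __name__ == "__main__":
    print("clean:", autodiscover_email(CLEAN_REQUEST))   # alice@example.invalid
    print("with DTD:", autodiscover_email(DTD_REQUEST))  # None
```

Rejecting the whole DOCTYPE, rather than only `<!ENTITY>` declarations, also closes off external DTD subsets pulled in through SYSTEM or PUBLIC identifiers. The hook fires inside the parser after the input has been decoded, so it is not defeated by encoding tricks that a byte-level search for `<!DOCTYPE` would miss.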