Security News > 2022 > August > CISA Adds Zimbra Email Vulnerability to its Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency on Thursday added a recently disclosed high-severity vulnerability in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation.
The issue in question is CVE-2022-27924, a command injection flaw in the platform that could lead to the execution of arbitrary Memcached commands and theft of sensitive information.
"Zimbra Collaboration allows an attacker to inject memcached commands into a targeted instance which causes an overwrite of arbitrary cached entries," CISA said.
Specifically, the bug relates to a case of insufficient validation of user input that, if successfully exploited, could enable attackers to steal cleartext credentials from users of targeted Zimbra instances.
The issue was disclosed by SonarSource in June, with patches released by Zimbra on May 10, 2022, in versions 8.8.15 P31.1 and 9.0.0 P24.1.
CISA hasn't shared technical details of the attacks that exploit the vulnerability in the wild and has yet to attribute it to a certain threat actor.
News URL
https://thehackernews.com/2022/08/cisa-adds-zimbra-email-vulnerability-to.html
Related news
- CISA urges software devs to weed out SQL injection vulnerabilities (source)
- CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability (source)
- Security Vulnerability of HTML Emails (source)
- CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability (source)
- CISA urges software devs to weed out path traversal vulnerabilities (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-21 | CVE-2022-27924 | Injection vulnerability in Zimbra Collaboration 8.8.15/9.0.0 Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. | 5.0 |