Security News > 2023 > July > Zimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active Exploitation
Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild.
Additional details about the flaw are currently unavailable.
While the company did not disclose details of active exploitation, Google Threat Analysis Group researcher Maddie Stone said it discovered the cross-site scripting flaw being abused in the wild as part of a targeted attack.
The disclosure comes as Cisco released patches to remediate a critical flaw in its SD-WAN vManage software that could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.
"A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance," the company said.
"A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance."
News URL
https://thehackernews.com/2023/07/zimbra-warns-of-critical-zero-day-flaw.html
Related news
- CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)