Security News > 2023 > July > Zimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active Exploitation
Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild.
Additional details about the flaw are currently unavailable.
While the company did not disclose details of active exploitation, Google Threat Analysis Group researcher Maddie Stone said it discovered the cross-site scripting flaw being abused in the wild as part of a targeted attack.
The disclosure comes as Cisco released patches to remediate a critical flaw in its SD-WAN vManage software that could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.
"A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance," the company said.
"A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance."
News URL
https://thehackernews.com/2023/07/zimbra-warns-of-critical-zero-day-flaw.html
Related news
- Cleo patches critical zero-day exploited in data theft attacks (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected (source)
- Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation (source)
- CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)
- Critical zero-days impact premium WordPress real estate plugins (source)
- SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation (source)
- SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix (source)