Security News > 2023 > July > Zimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active Exploitation

Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild.

Additional details about the flaw are currently unavailable.

While the company did not disclose details of active exploitation, Google Threat Analysis Group researcher Maddie Stone said it discovered the cross-site scripting flaw being abused in the wild as part of a targeted attack.

The disclosure comes as Cisco released patches to remediate a critical flaw in its SD-WAN vManage software that could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.

"A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance," the company said.

"A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance."

News URL

https://thehackernews.com/2023/07/zimbra-warns-of-critical-zero-day-flaw.html