Security News > 2023 > July > Zimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active Exploitation
Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild.
Additional details about the flaw are currently unavailable.
While the company did not disclose details of active exploitation, Google Threat Analysis Group researcher Maddie Stone said it discovered the cross-site scripting flaw being abused in the wild as part of a targeted attack.
The disclosure comes as Cisco released patches to remediate a critical flaw in its SD-WAN vManage software that could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.
"A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance," the company said.
"A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance."
News URL
https://thehackernews.com/2023/07/zimbra-warns-of-critical-zero-day-flaw.html
Related news
- Zero-day exploitation surged in 2023, Google finds (source)
- Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack (source)
- Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks (source)
- New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation (source)