Security News > 2023 > November > Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups

Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups
2023-11-16 16:09

A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens. "Most of this activity occurred after the initial fix became public on GitHub," Google Threat Analysis Group (TAG) said in a report shared with The Hacker News. The flaw, tracked as CVE-2023-37580 (CVSS score:


News URL

https://thehackernews.com/2023/11/zero-day-flaw-in-zimbra-email-software.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-07-31 CVE-2023-37580 Cross-site Scripting vulnerability in Zimbra
Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
network
low complexity
zimbra CWE-79
6.1
6.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zimbra 7 0 40 15 8 63