"A combination of these vulnerabilities could enable an unauthenticated attacker to compromise a complete Zimbra webmail server of a targeted organization," said SonarSource vulnerability researcher, Simon Scannell, who identified the security weaknesses. CVE-2021-35209 (CVSS score: 6.1) - Proxy Servlet Open Redirect Vulnerability.CVE-2021-35208 (CVSS score: 5.4) - Stored XSS Vulnerability in ZmMailMsgView.java.Mitigations have since been released in Zimbra versions 8.8.15 Patch 23 and 9.0.0 Patch 16. The flaws - tracked as CVE-2021-35208 and CVE-2021-35208 - were discovered and reported in Zimbra 8.8.15 by researchers from code quality and security solutions provider SonarSource in May 2021. Cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra email collaboration software that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |