
Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild.

“A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced,” the company said in an advisory.

It also said that the issue has been addressed and that it’s expected to be delivered in the July patch release. Additional specifics about the flaw are currently unavailable, although Zimbra said it fixed the issue through input sanitization.

In the interim, it is urging customers to apply a manual fix to eliminate the attack vector –

  1. Take a backup of the file /opt/zimbra/jetty/webapps/zimbra/m/momoveto
  2. Edit this file and go to line number 40
  3. Update the parameter value as: <input name="st" type="hidden" value="${fn:escapeXml(}"/>
  4. Before the update, the line appeared as: <input name="st" type="hidden" value="${}"/>
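To see why that one-line change closes the hole, here is an added example (not Zimbra's code) that mimics the escaping JSTL's fn:escapeXml applies and renders the momoveto hidden field with the request parameter raw versus escaped; the helper names and the sample value are constructed for illustration.

```javascript
// Added example: re-implements the character escaping JSTL's fn:escapeXml
// performs (&, <, >, ", ') so the effect of Zimbra's fix can be observed
// outside a JSP container. This is not Zimbra's own code.
function escapeXml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&#034;', "'": '&#039;',
  })[c]);
}

// The hidden field from the momoveto template, rendered with the "st"
// request parameter interpolated raw (before the fix) or escaped (after).
function renderHiddenBefore(st) {
  return `<input name="st" type="hidden" value="${st}"/>`;
}
function renderHiddenAfter(st) {
  return `<input name="st" type="hidden" value="${escapeXml(st)}"/>`;
}

// Defender's check: a hidden input must render as exactly one tag. Any
// additional tag means the parameter value broke out of the quoted
// attribute, which is the XSS sink the advisory describes.
function countTags(html) {
  return (html.match(/<[a-zA-Z/][^>]*>/g) || []).length;
}

// Constructed sample value (hypothetical): closes the quoted attribute
// and introduces markup of its own.
const SAMPLE_ST = 'home"><b>x</b>';

// Raw interpolation yields 3 tags; escaped interpolation yields 1.
console.log(countTags(renderHiddenBefore(SAMPLE_ST)), renderHiddenBefore(SAMPLE_ST));
console.log(countTags(renderHiddenAfter(SAMPLE_ST)), renderHiddenAfter(SAMPLE_ST));
```

The same countTags check can be run against a saved copy of the rendered page after applying the manual fix to confirm the field still renders as a single input element.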

While the company did not disclose details of active exploitation, Google Threat Analysis Group (TAG) researcher Maddie Stone said it discovered the cross-site scripting (XSS) flaw being abused in the wild as part of a targeted attack. TAG researcher Clément Lecigne has been credited with discovering and reporting the bug.
