A zero-day vulnerability has been discovered in the Zimbra Collaboration Suite version 8.8.15, prompting the company to urge users to apply a manual fix. The vulnerability poses a risk to the security of data stored on Zimbra servers. Zimbra is a cloud suite that offers email, calendar functions, and other collaboration tools for enterprises.
In a security advisory, Zimbra stated that the vulnerability could potentially compromise the confidentiality and integrity of user data. The company emphasized the seriousness of the matter and assured users that immediate action had been taken to address the issue.
The flaw, a reflected cross-site scripting (XSS) vulnerability, was uncovered by Clément Lecigne, a researcher from Google’s Threat Analysis Group (TAG). Lecigne’s colleague, Maddie Stone, confirmed in a tweet that the zero-day vulnerability is being actively exploited in the wild.
While Zimbra has developed a fix for the vulnerability, it will not be rolled out automatically until the scheduled July update. Therefore, users are advised to manually apply the fix to all mailbox nodes. Zimbra provided step-by-step instructions for implementing the fix, which include taking a backup of a specific file and then editing that file.
Zimbra emphasized that a service restart is not required after applying the fix. The company also provided a link to its security advisory for users to access more information about the vulnerability and the necessary steps to address it.
The risk of not patching the vulnerability is significant, as Zimbra products are a popular target for advanced persistent threat (APT) groups and other cyber-threat actors. Earlier this year, it was discovered that the North Korean government was using a Zimbra zero-day vulnerability to spy on medical and energy sector organizations. In late 2022, threat actors were actively exploiting a remote code execution vulnerability in Zimbra email servers.
This is not the first time Zimbra has faced security concerns. In November of last year, the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning advising enterprises running Zimbra collaboration suites to assume they had been compromised.
In conclusion, Zimbra Collaboration Suite version 8.8.15 users are urged to take immediate action to address a zero-day vulnerability that is being actively exploited in the wild. By following the provided instructions, users can manually apply a fix to protect the confidentiality and integrity of their data. Given the history of Zimbra products being targeted by cyber-threat actors, it is crucial for users to prioritize security and stay vigilant against potential attacks.

