Nov 16, 2023NewsroomVulnerability / Email Security
A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens.
"Most of this activity occurred after the initial fix became public on GitHub," Google Threat Analysis Group (TAG) said in a report shared with The Hacker News.
The flaw, tracked as CVE-2023-37580 (CVSS score: 6.1), is a reflected cross-site scripting (XSS) vulnerability impacting versions before 8.8.15 Patch 41. It was addressed by Zimbra as part of patches released on July 25, 2023.
Successful exploitation of the shortcoming could allow execution of malicious scripts on the victims' web browser simply by tricking them into clicking on a specially crafted URL, effectively initiating the XSS request to Zimbra and reflecting the attack back to the user.
Google TAG, whose researcher Clément Lecigne was credited with discovering and reporting the bug, said it discovered multiple campaign waves starting June 29, 2023, at least two weeks before Zimbra issued an advisory.
Three of the four campaigns were observed prior to the relea ..
Support the originator by clicking the read the rest link below.
