Zimbra Webmail Platform Bugs Gave Access To Mail Servers

Two security bugs in the Zimbra webmail platform could allow an adversary to access and take control of mail servers. While the vulnerabilities have since been fixed, they potentially put thousands of enterprises worldwide at risk.

Zimbra Bugs Exposed Mail Servers

Researchers from SonarSource discovered two different security bugs in the open-source webmail platform Zimbra which, if exploited, could expose mail servers.

Zimbra is a dedicated software suite with a web client and an email server. Besides email, it also supports chat, document sharing, videoconferencing, and integration with other mail clients such as Mozilla Thunderbird, Apple Mail, and Microsoft Outlook.

Specifically, one of the bugs is a stored XSS vulnerability (CVE-2021-35208) in the Calendar Invite component. It is a medium-severity bug with a CVSS score of 5.4.

Exploiting this bug merely required an attacker to send a malicious email to the target user. Once the victim opens that email in the webmail client, a JavaScript payload executes in the victim's browser, within the victim's authenticated session, giving the attacker access to all of the victim's emails.

The researchers identified the second vulnerability as an SSRF (CVE-2021-35209) that bypasses the whitelist of hosts the server is permitted to contact. Although exploiting this bug required authenticated access, the role of the authenticated account did not matter. Thus, chaining it with the first bug could allow access to the cloud infrastructure hosting the server and the extraction of sensitive data.
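To make the whitelist-bypass class of SSRF concrete, here is an added example (it is not Zimbra's code, and the page does not describe the exact bypass SonarSource used against Zimbra's proxy): a naive host check that looks for an allowed hostname anywhere in the URL, beside a hardened check that parses the URL and compares the hostname exactly. The allowed hosts, the attacker-controlled domain and the test URLs are all constructed for illustration; the 169.254.169.254 address stands in for the cloud metadata endpoint an SSRF is typically pointed at.

```python
"""Added example, not Zimbra's code: a weak SSRF allowlist check and a
hardened one, run over constructed URLs. Hostnames and URLs are assumed."""
from urllib.parse import urlsplit

# Hypothetical allowlist of upstream hosts a proxy servlet may contact.
ALLOWED_HOSTS = {"mail.example.com", "files.example.com"}


def naive_is_allowed(url: str) -> bool:
    """Weak check: accepts the URL if any allowed host appears anywhere in
    the string. An attacker only needs to mention an allowed host somewhere."""
    return any(host in url for host in ALLOWED_HOSTS)


def strict_is_allowed(url: str) -> bool:
    """Hardened check: parse the URL, pin the scheme, reject credentials in
    the authority (the user@host trick), and compare the hostname exactly
    rather than by substring or suffix."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    if parts.username is not None or parts.password is not None:
        return False
    if parts.hostname is None:
        return False
    return parts.hostname.lower() in ALLOWED_HOSTS


# Constructed cases: (url, should the proxy be allowed to forward it?)
CASES = [
    ("https://mail.example.com/service/home/", True),
    ("https://files.example.com/docs", True),
    ("http://attacker.example/?u=mail.example.com", False),      # allowed host only in the query
    ("http://mail.example.com.attacker.example/", False),        # allowed host as a subdomain label
    ("http://mail.example.com@169.254.169.254/latest/", False),  # allowed host in the userinfo
    ("http://169.254.169.254/latest/meta-data/", False),         # cloud metadata endpoint
    ("file:///etc/passwd", False),                               # non-HTTP scheme
]


def evaluate(check) -> dict:
    """Run one checker over CASES; return {url: verdict} for every URL it gets wrong."""
    return {url: check(url) for url, expected in CASES if check(url) != expected}


if __name__ == "__main__":
    print("naive check mistakes:", evaluate(naive_is_allowed))
    print("strict check mistakes:", evaluate(strict_is_allowed))
```

The naive check forwards three of the hostile URLs, including the one that would reach the metadata endpoint through the user@host form; the strict check rejects all of them. Exact hostname comparison after parsing is the property that matters, and it should be paired with resolving the host and blocking link-local and private ranges before the request is made, since a DNS name on the allowlist can still resolve to an internal address.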

In a real-world scenario, these bugs could easily enable large-scale phishing attacks against enterprises. The researchers have shared the technical details of the vulnerabilities in a blog post.

Patches Deployed

After discovering these bugs, SonarSource reported them to Zimbra, which then patched both of them.

According to the vendor's advisories, Zimbra fixed the bugs in Zimbra 8.8.15 Patch 23 and Zimbra 9.0.0 Patch 16.

Given the severity of the flaws if exploited, all users should update to the respective patched releases to stay protected from potential attacks.

Let us know your thoughts in the comments.
