The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities Catalog to include a recently disclosed zero-day flaw in the Zimbra email platform, citing evidence of active exploitation in the wild.
Tracked as CVE-2022-24682 (CVSS score: 6.1), the issue concerns a cross-site scripting (XSS) vulnerability in the Calendar feature of Zimbra Collaboration Suite that could be abused by an attacker to trick users into downloading arbitrary JavaScript code simply by clicking a link to exploit URLs in phishing messages.

The Known Exploited Vulnerabilities Catalog is a repository of security flaws that have been seen abused by threat actors in attacks and that are required to be patched by Federal Civilian Executive Branch (FCEB) agencies.
The vulnerability came to light on February 3, 2022, when cybersecurity firm Volexity identified a series of targeted spear-phishing campaigns aimed at European government and media entities that leveraged the aforementioned flaw to gain unauthorized access to victims' mailboxes and plant malware.
Volexity is tracking the actor under the moniker "TEMP_HERETIC," with the attacks impacting the open-source edition of Zimbra running version 8.8.15. Zimbra has since pushed out a hotfix (version 8.8.15 P30) to remediate the flaw.
Owing to the potential impact of this vulnerability, CISA has given federal agencies until March 11, 2022, to apply the security updates. In addition to CVE-2022-24682, CISA has also added the following three vulnerabilities to the catalog:
- CVE-2017-8570 (CVSS score: 7.8) – Microsoft Office Remote Code Execution Vulnerability
- CVE-2017-0222 (CVSS score: 7.5) – Microsoft Internet Explorer Memory Corruption Vulnerability
- CVE-2014-6352 (CVSS score: N/A) – Microsoft Windows Code Injection Vulnerability
Some parts of this article are sourced from:
thehackernews.com