The Cyber Security News

CISA adds recently disclosed Zimbra bug to its Exploited Vulnerabilities Catalog

March 1, 2022

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities Catalog to include a recently disclosed zero-day flaw in the Zimbra email platform, citing evidence of active exploitation in the wild.

Tracked as CVE-2022-24682 (CVSS score: 6.1), the issue concerns a cross-site scripting (XSS) vulnerability in the Calendar feature in Zimbra Collaboration Suite that could be abused by an attacker to trick users into downloading arbitrary JavaScript code simply by clicking a link to exploit URLs in phishing messages.


The Known Exploited Vulnerabilities Catalog is a repository of security flaws that have been seen abused by threat actors in attacks and that are expected to be patched by Federal Civilian Executive Branch (FCEB) agencies.

The vulnerability came to light on February 3, 2022, when cybersecurity firm Volexity identified a series of targeted spear-phishing campaigns aimed at European government and media entities that leveraged the aforementioned flaw to gain unauthorized access to victims' mailboxes and plant malware.

Volexity is tracking the actor under the moniker “TEMP_HERETIC,” with the attacks impacting the open-source edition of Zimbra running version 8.8.15. Zimbra has since pushed out a hotfix (version 8.8.15 P30) to remediate the flaw.

Owing to the potential impact of this vulnerability, CISA has given federal agencies until March 11, 2022, to apply the security updates. In addition to CVE-2022-24682, CISA has also added the following three vulnerabilities to the catalog:

  • CVE-2017-8570 (CVSS score: 7.8) – Microsoft Office Remote Code Execution Vulnerability
  • CVE-2017-0222 (CVSS score: 7.5) – Microsoft Internet Explorer Memory Corruption Vulnerability
  • CVE-2014-6352 (CVSS score: N/A) – Microsoft Windows Code Injection Vulnerability

Some parts of this article are sourced from:
thehackernews.com
