Friday, December 3, 2021

Zimbra flaw lets attackers access the mail servers

Must Read

Authorities likely to tighten cybersecurity Standards after BigBasket data breach

NEW DELHI: Faced with the latest spate of cyber breaches ranging from this on Prime Minister Narendra Modi's site...

What is a Cyber Attack

A Cyberattack is an attack against a computer system, network infrastructure, and personal system using one or more computers...

The third malware Strain detected in SolarWinds supply chain attack

Security investigators have found another type of malware used by Russian attackers to loosen SolarWinds.CrowdStrike, one of two security...

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails of all employees.

Zimbra, an open-source webmail platform used by more than 200,000 enterprises, contained a pair of vulnerabilities that, if combined, allowed unauthenticated attackers to gain control of Zimbra servers.

The first vulnerability is a Cross-Site Scripting bug (CVE-2021-35208) that can be triggered in a victim’s browser when viewing an incoming email. 

The second vulnerability is an interesting bypass of an allow-list that leads to a powerful Server-Side Request Forgery vulnerability (CVE-2021-35209). It can be exploited by an authenticated member of an organization with any permission role, which means that it can be combined with the first vulnerability.

The Vulnerability is Discovered by Simon Scannell, a vulnerability researcher at SonarSource.

a2434345d63481a40f0d145881b41013?s=96&d=mm&r=g
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Panasonic Suffers Data Breach After attackers access internal network

Tech manufacturing giant Panasonic has confirmed that its network was accessed illegally this month during a cyberattack.Panasonic has disclosed a security...

Unified endpoint management automation software to boost endpoint security

Endpoints are constantly connected to the internet, so they offer a gateway for cyberattacks. Endpoint security is simply the process of protecting your endpoints, be...

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft also revealed the workings of...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

More Articles Like This