Cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra email collaboration software that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure.
The flaws — tracked as CVE-2021-35208 and CVE-2021-35209 — were discovered and reported in Zimbra 8.8.15 by researchers from code quality and security solutions provider SonarSource in May 2021. Mitigations have since been released in Zimbra versions 8.8.15 Patch 23 and 9.0.0 Patch 16.
- CVE-2021-35208 (CVSS score: 5.4) – Stored XSS Vulnerability in ZmMailMsgView.java
- CVE-2021-35209 (CVSS score: 6.1) – Proxy Servlet Open Redirect Vulnerability
“A combination of these vulnerabilities could enable an unauthenticated attacker to compromise a complete Zimbra webmail server of a targeted organization,” said SonarSource vulnerability researcher Simon Scannell, who identified the security weaknesses. “As a result, an attacker would gain unrestricted access to all sent and received emails of all employees.”
Zimbra is a cloud-based email, calendar, and collaboration suite for enterprises and is available both as an open-source version and a commercially supported version with additional features such as a proprietary connector API to synchronize mail, calendar, and contacts to Microsoft Outlook, among others. It’s used by over 200,000 businesses across 160 countries.
CVE-2021-35208 concerns a cross-site scripting (XSS) vulnerability in the Calendar Invite component that can be triggered in a victim’s browser upon viewing a specially-crafted email message containing a JavaScript payload that, when executed, grants access to the target’s entire inbox as well as the web client session, which can then be abused to launch further attacks.
The problem stems from the fact that the Zimbra web clients — an Ajax-based desktop client, a static HTML client, and a mobile-optimized client — rely on sanitization of the HTML content of incoming emails that is performed once on the server side, and then each client transforms that already-sanitized HTML in its own way before rendering it, in a manner that enables a bad actor to inject rogue JavaScript code.
“The downside of using server-side sanitization is that all three clients may transform the trusted HTML of an email afterwards to display it in their unique way,” Scannell said. “Transformation of already sanitized HTML inputs can lead to corruption of the HTML and then to XSS attacks.”
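To make the ordering problem concrete, here is an added illustration that is not code from Zimbra or from SonarSource: a small allow-list sanitizer (hypothetical rules, not Zimbra's) followed by a typical client-side display transformation, linkifying bare URLs. The transformation copies text that the sanitizer correctly left alone (quotes are harmless in a text node) into an attribute, which turns it into a live event handler. Running the same transformation before the final sanitization step removes the handler. The message body is constructed for the example.

```python
import html
import re
from html.parser import HTMLParser

# Allow-list for the illustrative sanitizer (hypothetical; not Zimbra's rules).
ALLOWED_TAGS = {"p", "br", "b", "i", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
URL_RE = re.compile(r"https?://[^\s<>]+")


class Sanitizer(HTMLParser):
    """Rebuilds the input keeping only allow-listed tags and attributes;
    every other tag is dropped and all text is entity-escaped."""

    def __init__(self):
        super().__init__()
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # script, img, ... are dropped; their inner text stays text
        kept = ""
        for name, value in attrs:
            if (name in ALLOWED_ATTRS.get(tag, set()) and value
                    and value.lower().startswith(("http://", "https://"))):
                kept += f' {name}="{html.escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Quotes are left alone in text nodes, as many sanitizers do: they are
        # harmless there. They stop being harmless once a later step copies
        # the text into an attribute.
        self.out.append(html.escape(data, quote=False))


def sanitize(untrusted_html):
    s = Sanitizer()
    s.feed(untrusted_html)
    s.close()
    return "".join(s.out)


def linkify(markup):
    """Client-side display transformation: wrap bare URLs in anchors.
    The matched text is pasted into an attribute without escaping."""
    return URL_RE.sub(lambda m: f'<a href="{m.group(0)}">{m.group(0)}</a>', markup)


def render_sanitize_then_transform(raw):
    # The order the article warns about: trusted output is transformed afterwards.
    return linkify(sanitize(raw))


def render_transform_then_sanitize(raw):
    # Sanitization is the last step before the markup reaches the DOM.
    return sanitize(linkify(raw))


def has_event_handler(markup):
    """True if any tag in markup carries an on* attribute (a live handler)."""
    class Probe(HTMLParser):
        found = False

        def handle_starttag(self, tag, attrs):
            if any(name.lower().startswith("on") for name, _ in attrs):
                self.found = True

    p = Probe()
    p.feed(markup)
    p.close()
    return p.found


# Constructed message body: plain text, nothing for a sanitizer to object to.
CRAFTED_TEXT = 'see http://example.com/"onmouseover="alert(1)'

if __name__ == "__main__":
    bad = render_sanitize_then_transform(CRAFTED_TEXT)
    good = render_transform_then_sanitize(CRAFTED_TEXT)
    print("sanitize -> transform:", bad, "| handler:", has_event_handler(bad))
    print("transform -> sanitize:", good, "| handler:", has_event_handler(good))
```

The point is not that linkifying is wrong (it should also escape what it inserts) but that any string-level rewrite of sanitized HTML is a new parsing step, so the sanitizer has to run last, or the transformation has to work on the DOM rather than on the serialized markup.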
On the other hand, CVE-2021-35209 relates to a server side request forgery (SSRF) attack wherein an authenticated member of an organization can chain the flaw with the aforementioned XSS issue to redirect the HTTP client used by Zimbra to an arbitrary URL and extract sensitive information from the cloud environment, including Google Cloud API access tokens and IAM credentials from AWS, leading to compromise of the hosting infrastructure.
“Zimbra would like to alert its customers that it is possible for them to introduce an SSRF security vulnerability in the Proxy Servlet,” the company noted in its advisory. “If this servlet is configured to allow a particular domain (via zimbraProxyAllowedDomains configuration setting), and that domain resolves to an internal IP address (such as 127.0.0.1), an attacker could possibly access services running on a different port on the same server, which would normally not be exposed publicly.”
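The advisory quoted above describes the gap precisely: a name-based allow-list is checked, but what the name resolves to is not. As an added example, not code from Zimbra, the following shows a name-only check beside a check that also resolves the host and refuses anything not globally routable (loopback, RFC 1918, and link-local space, which covers the 169.254.169.254 metadata endpoint that hands out cloud credentials), and that restricts the destination port so an allowed host cannot be used to reach other services on the same machine. The allow-list and the DNS answers are constructed stand-ins, not real configuration; the allow-list name is a hypothetical counterpart to zimbraProxyAllowedDomains.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical stand-in for an allow-list such as zimbraProxyAllowedDomains.
ALLOWED_DOMAINS = {"mail.example.com", "intranet.example.com", "metadata.example.com"}
ALLOWED_PORTS = {80, 443}

# Constructed DNS answers so the example runs offline. The first is any
# globally routable address; the others are the cases the advisory warns about.
FAKE_DNS = {
    "mail.example.com": ["8.8.8.8"],
    "intranet.example.com": ["127.0.0.1"],        # allowed name, loopback address
    "metadata.example.com": ["169.254.169.254"],  # allowed name, cloud metadata endpoint
}


def resolve_constructed(host):
    return FAKE_DNS.get(host, [])


def naive_is_allowed(url):
    """Name-only check, the mistake the advisory describes: the name is on the
    list, so the request goes through whatever the name resolves to."""
    return urlsplit(url).hostname in ALLOWED_DOMAINS


def address_is_safe(addr):
    """Accept only globally routable addresses. Loopback, RFC 1918, link-local
    (including 169.254.169.254), multicast, unspecified and reserved space
    all fail this test."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_global


def vet_proxy_target(url, resolve=resolve_constructed):
    """Return the vetted addresses the proxy may connect to, or [] to deny.
    The caller must connect to a returned address and not re-resolve the
    name, otherwise a DNS answer that changes between check and use
    (rebinding) defeats the check."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return []
    host = parts.hostname  # already lower-cased by urlsplit
    if host is None or host not in ALLOWED_DOMAINS:
        return []
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:  # non-numeric port
        return []
    if port not in ALLOWED_PORTS:
        return []
    addrs = resolve(host)
    if not addrs or not all(address_is_safe(a) for a in addrs):
        return []  # a single internal answer among several is enough to deny
    return list(addrs)


if __name__ == "__main__":
    for target in ("http://intranet.example.com/", "http://metadata.example.com/",
                   "https://mail.example.com:8443/", "https://mail.example.com/"):
        print(f"{target:40} naive={naive_is_allowed(target)!s:5} "
              f"vetted={vet_proxy_target(target)}")
```

Resolving at check time is necessary but not sufficient: the vetted address has to be the one the HTTP client actually connects to, and redirects returned by the upstream server have to go through the same check, since a redirect to an internal address is just a second request.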
Source of this news: https://thehackernews.com/2021/07/new-bug-could-let-attackers-hijack.html