New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email – The Hacker News


Cybersecurity researchers have discovered multiple security vulnerabilities in the Zimbra email collaboration software that could potentially be exploited to compromise email accounts by sending a malicious message, and even to achieve a full takeover of the mail server when it is hosted on cloud infrastructure.

The flaws, tracked as CVE-2021-35208 and CVE-2021-35209, were discovered in Zimbra 8.8.15 and reported by researchers from code quality and security solutions provider SonarSource in May 2021. Fixes have since been released in Zimbra versions 8.8.15 Patch 23 and 9.0.0 Patch 16.

  • CVE-2021-35208 (CVSS score: 5.4) – Stored XSS Vulnerability in ZmMailMsgView.java
  • CVE-2021-35209 (CVSS score: 6.1) – Proxy Servlet Open Redirect Vulnerability

“A combination of these vulnerabilities could enable an unauthenticated attacker to compromise a complete Zimbra webmail server of a targeted organization,” said SonarSource vulnerability researcher, Simon Scannell, who identified the security weaknesses. “As a result, an attacker would gain unrestricted access to all sent and received emails of all employees.”


Zimbra is a cloud-based email, calendar, and collaboration suite for enterprises and is available both as an open-source version and a commercially supported version with additional features such as a proprietary connector API to synchronize mail, calendar, and contacts to Microsoft Outlook, among others. It’s used by over 200,000 businesses across 160 countries.

CVE-2021-35208 is a cross-site scripting (XSS) vulnerability in the Calendar Invite component. It triggers in the victim's browser simply on viewing a specially crafted email message that carries a JavaScript payload; once executed, the payload runs inside the victim's web client session, giving the attacker access to the target's entire inbox, and that session can then be abused to launch further attacks.


The problem stems from where the sanitization happens. Zimbra ships three web clients (an Ajax-based desktop client, a static HTML client, and a mobile-optimized client), and the HTML content of incoming emails is sanitized once, on the server, before it reaches any of them. Each client then transforms that already-sanitized HTML to display it in its own way, and a transformation applied after sanitization can corrupt the markup so that attacker-supplied JavaScript becomes executable again.

“The downside of using server-side sanitization is that all three clients may transform the trusted HTML of an email afterwards to display it in their unique way,” Scannell said. “Transformation of already sanitized HTML inputs can lead to corruption of the HTML and then to XSS attacks.”
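The following is an added illustration of the pattern Scannell describes, not Zimbra's own code: the server escapes an untrusted invite subject, a hypothetical client-side "pretty-printing" step decodes entities before rendering, and the sanitizer's work is silently undone. The function names, the entity decoder and the attacker-controlled subject are all constructed for the example; the hardened variant shows the rule that any post-sanitization transformation must be followed by re-escaping.

```javascript
// Added example (not Zimbra's code): sanitize on the server, transform in the
// client, and lose the sanitization in the process.

// Stand-in for the server-side sanitizer: escapes every character that can
// open a tag or an attribute, so untrusted text cannot carry markup.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function serverSanitize(untrusted) {
  return untrusted.replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Minimal entity decoder, just enough for this demonstration.
// '&amp;' is decoded last so '&amp;lt;' becomes the literal '&lt;' rather than '<'.
function decodeEntities(html) {
  return html
    .replace(/&lt;/g, '<').replace(/&gt;/g, '>')
    .replace(/&quot;/g, '"').replace(/&#39;/g, "'")
    .replace(/&amp;/g, '&');
}

// Hypothetical vulnerable client transform: decodes entities so the invite
// subject "looks nicer" and drops the result straight into the header markup.
// The decoded string is raw HTML again; the server's escaping is gone.
function clientTransformBroken(sanitizedSubject) {
  return `<div class="invite-subject">${decodeEntities(sanitizedSubject)}</div>`;
}

// Hardened variant: the client may still decode for its own logic (length
// checks, trimming, etc.), but re-escapes before anything reaches the DOM,
// so the output is never less constrained than what the sanitizer produced.
function clientTransformFixed(sanitizedSubject) {
  const display = decodeEntities(sanitizedSubject);
  return `<div class="invite-subject">${serverSanitize(display)}</div>`;
}

// Crude check for the demonstration: does the final markup contain a tag with
// an inline event-handler attribute? A real check would parse the DOM.
function containsActiveContent(html) {
  return /<[a-z][^>]*\son[a-z]+\s*=/i.test(html);
}

// Constructed attacker-controlled calendar invite subject.
const maliciousSubject = '<img src=x onerror="alert(document.cookie)">Team sync';

const sanitized = serverSanitize(maliciousSubject);
const brokenOutput = clientTransformBroken(sanitized);  // handler is live again
const fixedOutput = clientTransformFixed(sanitized);    // handler stays inert

console.log('sanitized :', sanitized);
console.log('broken    :', brokenOutput, containsActiveContent(brokenOutput));
console.log('fixed     :', fixedOutput, containsActiveContent(fixedOutput));
```

The general rule this demonstrates is that sanitization has to be the last step that touches the markup before it is rendered; if a client must transform sanitized HTML, it either transforms first and sanitizes afterwards, or treats the transformed string as untrusted and escapes it again.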


CVE-2021-35209, by contrast, is a server-side request forgery (SSRF) flaw in Zimbra's Proxy Servlet. It requires an authenticated account, which is exactly what the XSS above hands the attacker, so the two can be chained: the attacker redirects the HTTP client used by Zimbra's proxy to an arbitrary URL and reads back whatever it fetches. When the server runs on cloud infrastructure, that includes responses from the provider's instance metadata service, such as Google Cloud API access tokens and AWS IAM credentials, which is what turns a webmail bug into a compromise of the underlying host.

“Zimbra would like to alert its customers that it is possible for them to introduce an SSRF security vulnerability in the Proxy Servlet,” the company noted in its advisory. “If this servlet is configured to allow a particular domain (via zimbraProxyAllowedDomains configuration setting), and that domain resolves to an internal IP address (such as 127.0.0.1), an attacker could possibly access services running on a different port on the same server, which would normally not be exposed publicly.”

Source of this news: https://thehackernews.com/2021/07/new-bug-could-let-attackers-hijack.html
