A new severe zero-day issue added by CISA

Last Updated on 02/03/2022 by Nidhi Khandelwal

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a recently disclosed zero-day issue in the Zimbra email platform to its Known Exploited Vulnerabilities Catalog, citing indications of active exploitation in the wild.

CVE-2022-24682 (CVSS: 6.1) is a cross-site scripting (XSS) vulnerability in the Calendar function of Zimbra Collaboration Suite. An attacker could exploit it to trick users into downloading arbitrary JavaScript code merely by clicking a link to a vulnerable URL in a phishing message.

The attacker is being tracked by Volexity under the alias “TEMP HERETIC,” with the attacks affecting Zimbra’s open-source edition running version 8.8.15. The bug has since been fixed with a hotfix (version 8.8.15 P30) from Zimbra.

Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.