A new severe zero-day issue added by CISA

Last Updated on 02/03/2022 by Nidhi Khandelwal

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a recently disclosed zero-day issue in the Zimbra email platform to its Known Exploited Vulnerabilities Catalog, citing indications of active exploitation in the wild.

CVE-2022-24682 (CVSS: 6.1) is a cross-site scripting (XSS) vulnerability in the Calendar feature of Zimbra Collaboration Suite. An attacker could exploit it to trick users into downloading arbitrary JavaScript code simply by clicking a link to a vulnerable URL in a phishing message.

Volexity is tracking the attacker under the alias “TEMP_HERETIC,” and the attacks affect Zimbra’s open-source edition running version 8.8.15. Zimbra has since fixed the bug with a hotfix (version 8.8.15 P30).

Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.