CISA and the Multi-State Information Sharing & Analysis Center, or MS-ISAC are publishing this joint Cybersecurity Advisory in response to active exploitation of multiple Common Vulnerabilities and Exposures against Zimbra Collaboration Suite, an enterprise cloud-hosted collaboration software and email platform.
AA22-228A Alert, Technical Details, and Mitigations
Volexity’s Mass Exploitation of (Un)authenticated Zimbra RCE: CVE-2022-27925
Hackers are actively exploiting password-stealing flaw in Zimbra
CISA adds Zimbra email vulnerability to its exploited vulnerabilities catal…
CVE-2022-27925 detail
Mass exploitation of (un)authenticated Zimbra RCE: CVE-2022-27925
CVE-2022-37042 detail
Authentication bypass in MailboxImportServlet vulnerability
CVE-2022-30333 detail
UnRAR vulnerability exploited in the wild, likely against Zimbra servers
Zimbra Collaboration Kepler 9.0.0 patch 25 GA release
Zimbra UnRAR path traversal
Operation EmailThief: Active exploitation of zero-day XSS vulnerability in…
Hotfix available 5 Feb for zero-day exploit vulnerability in Zimbra 8.8.15
All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.