Zimbra Issues a Patch for the actively exploited XSS Zero-Day Vulnerability
Take action: If you are running Zimbra Collaboration Suite, plan an upgrade to version 10.0.2. Apply the workaround fix first, since it is quick to deploy and reduces your exposure until the full upgrade is in place.
Zimbra has released a patch for the recently disclosed severe zero-day vulnerability that was being actively exploited by malicious actors in the wild. Zimbra's initial response was a workaround to mitigate the issue.
Zimbra then promptly issued a patch to address the flaw with the release of ZCS 8.8.15. However, it was later revealed that the vulnerability had already been under attack before the fix was made available.
Due to the active exploitation, Zimbra urged all its users to update their systems to the latest ZCS version 10.0.2, which includes the re-released XSS zero-day patch, now tracked as CVE-2023-38750. This patch closes the security loophole and prevents further attacks through this flaw.
In addition to addressing the XSS vulnerability, the latest ZCS update (version 10.0.2) also fixes another security issue, tracked as CVE-2023-0464. That vulnerability relates to the verification of X.509 certificate chains that include policy constraints.