Zimbra Warns of Exploited Critical Flaw in their Collaboration Suite

Zimbra, an email software provider, has issued a warning about a critical zero-day security flaw in its Zimbra Collaboration Suite Version 8.8.15 that is actively being exploited by malicious actors.

Update - the vulnerability is tracked as CVE-2023-34192 (CVSS score of 9)

The company has acknowledged the vulnerability's potential impact on data confidentiality and integrity and has announced that a fix will be included in the July patch release but is still not available.

Specific details about the flaw have not been disclosed to avoid broader exploitation.

Zimbra is advising customers to implement a manual workaround by modifying a specific file in their system.

• Take a backup of the file /opt/zimbra/jetty/webapps/zimbra/m/momoveto
• Edit this file and go to line number 40
• Update the parameter value as: <input name="st" type="hidden" value="${fn:escapeXml(param.st)}"/>
• Before the update, the line appeared as: <input name="st" type="hidden" value="${param.st}"/>

While the company has not provided information about the ongoing exploitation, Google Threat Analysis Group (TAG) has revealed that the vulnerability, a cross-site scripting (XSS) flaw, has been observed as part of targeted attacks in the wild.