The Cybersecurity and Infrastructure Security Agency (CISA) has added one Zimbra vulnerability to its Known Exploited Vulnerabilities Catalog based on evidence that cyber criminals are actively exploiting it.
Zimbra is one of the world’s leading open source email platforms, powering hundreds of millions of mailboxes in 140 countries.
The Zimbra vulnerability CVE-2022-27924 is the second Zimbra flaw added to the CISA exploit catalog since February this year.
According to a NIST advisory, Zimbra Collaboration (ZCS) versions 8.8.15 and 9.0 allow an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance, which may cause an overwrite of arbitrary cached entries.
Just over a week ago, CISA also added a Critical Confluence App Hard-coded Credentials Vulnerability (CVE-2022-26138) to its Known Exploited Vulnerabilities Catalog.