Zimbra Patches Under-Attack Code Execution Bug


Zimbra, a manufacturer of messaging and collaboration software, has hurriedly released updates to address a code execution vulnerability that has already been used to install malware on target computers.

The flaw, identified as CVE-2022-41352, enables remote code execution and lets an attacker install a shell in the web root. The problem, which has a CVSS severity rating of 9.8/10, could give an attacker the opportunity to access the cpio package in an erroneous manner for any other user accounts. Read More…