Cybersecurity researchers have disclosed multiple security vulnerabilities in the Zimbra email collaboration software that could be exploited to compromise email accounts by sending a malicious message, and even to achieve a full takeover of the mail server when it is hosted on cloud infrastructure.
The issues, tracked as CVE-2021-35208 and CVE-2021-35209, were discovered and reported in Zimbra 8.8.15 by researchers from code quality and security solutions provider SonarSource in May 2021. Mitigations have since been released in Zimbra versions 8.8.15 Patch 23 and 9.0.0 Patch 16.
- CVE-2021-35208 (CVSS score: 5.4) – Stored XSS Vulnerability in ZmMailMsgView.java
- CVE-2021-35209 (CVSS score: 6.1) – Proxy Servlet Open Redirect Vulnerability
"A combination of these vulnerabilities could enable an unauthenticated attacker to compromise a complete Zimbra webmail server of a targeted organization," said SonarSource vulnerability researcher Simon Scannell, who identified the security weaknesses. "As a result, an attacker would gain unrestricted access to all sent and received emails of all employees."
Zimbra is a cloud-based email, calendar, and collaboration suite for enterprises and is available both as an open-source version and as a commercially supported version with additional features such as a proprietary connector API to synchronize mail, calendar, and contacts with Microsoft Outlook, among others. It is used by over 200,000 businesses across 160 countries.
"The downside of using server-side sanitization is that all three clients may transform the trusted HTML of an email afterwards to display it in their unique way," Scannell said. "Transformation of already sanitized HTML inputs can lead to corruption of the HTML and then to XSS attacks."
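To make the failure mode Scannell describes concrete, here is an added example in Python (not Zimbra's code and not SonarSource's). A server-side allowlist sanitizer runs first, and a client-side display transform then rewrites the already-sanitized markup; the transform is a constructed stand-in that auto-links bare URLs by string substitution, as webmail clients commonly do. The sample message, the allowlist, the transform and the helper names are all assumptions for this example; what matters is the ordering of the two steps.

```python
import html
import re
from html.parser import HTMLParser

# Allowlist used by the server-side sanitizer (constructed for this example).
ALLOWED_TAGS = {"p", "br", "b", "i", "a", "span"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "span": {"title"}}


class Sanitizer(HTMLParser):
    """Allowlist sanitizer: keeps only known tags and attributes and
    re-serialises everything with escaped text and attribute values."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # unknown tag dropped; its text content is still emitted as escaped data
        parts = [tag]
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue  # drops on* handlers, style and anything not allowlisted
            if name == "href" and not value.lower().startswith(("http://", "https://")):
                continue  # no javascript: or other schemes
            parts.append(f'{name}="{html.escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + ">")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))


def sanitize(raw_html):
    s = Sanitizer()
    s.feed(raw_html)
    s.close()
    return "".join(s.out)


URL_RE = re.compile(r"https?://[^\s<]+")


def client_linkify(html_text):
    """Constructed stand-in for a client-side display transform: wraps bare
    URLs in <a> tags by plain string substitution, without re-parsing."""
    return URL_RE.sub(lambda m: f'<a href="{m.group(0)}">{m.group(0)}</a>', html_text)


class _HandlerFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        self.found.extend((tag, n) for n, _ in attrs if n.startswith("on"))


def event_handlers(html_text):
    """(tag, attribute) pairs for every on* attribute a browser-like parser
    sees in the final markup."""
    f = _HandlerFinder()
    f.feed(html_text)
    f.close()
    return f.found


def render_sanitize_first(raw_html):
    # Sanitize on the server, then let the client transform the trusted output.
    return client_linkify(sanitize(raw_html))


def render_sanitize_last(raw_html):
    # Apply the transform first, then sanitize the final markup.
    return sanitize(client_linkify(raw_html))


# Constructed sample message: a quote inside the URL breaks out of the href
# attribute that the linkifier builds around it.
SAMPLE_MAIL = '<p>Invoice: https://example.com/"onmouseover="alert(1) attached</p>'

if __name__ == "__main__":
    print(render_sanitize_first(SAMPLE_MAIL))
    print(event_handlers(render_sanitize_first(SAMPLE_MAIL)))
    print(render_sanitize_last(SAMPLE_MAIL))
    print(event_handlers(render_sanitize_last(SAMPLE_MAIL)))
```

The sanitize-first pipeline ends with an `<a>` tag carrying an `onmouseover` handler although the sanitizer removed every event handler it saw: the transform works on text it trusts and never re-parses it. Running the sanitizer as the final step, or making every client transform operate on a parsed DOM and re-sanitizing its output, closes that gap.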
CVE-2021-35209, on the other hand, concerns a server-side request forgery (SSRF) attack whereby an authenticated member of an organization can chain the flaw with the aforementioned XSS issue to redirect the HTTP client used by Zimbra to an arbitrary URL and extract sensitive information from the cloud, including Google Cloud API access tokens and IAM credentials from AWS, leading to its compromise.
"Zimbra would like to alert its customers that it is possible for them to introduce an SSRF security vulnerability in the Proxy Servlet," the company said in its advisory. "If this servlet is configured to allow a particular domain (via a configuration setting), and that domain resolves to an internal IP address (such as 127.0.0.1), an attacker could possibly access services running on a different port on the same server, which would normally not be exposed publicly."
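The check the advisory describes, generalized as an added example that is my code rather than Zimbra's Proxy Servlet: before a proxied request is issued, the allowlisted host is resolved and the target is refused if any of its addresses is loopback, private, link-local (which covers the 169.254.169.254 cloud-metadata endpoint that the SSRF chain above would reach for), multicast, reserved, or an IPv4-mapped IPv6 form of one of those. DNS is replaced by a constructed in-memory table so the code runs offline; the hostnames, addresses, the `FAKE_DNS` table and the `check_proxy_target` function are assumptions for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed resolver standing in for DNS so the example runs offline.
FAKE_DNS = {
    "mail.example.com": ["93.184.216.34"],          # public address: fine to proxy
    "internal.example.com": ["127.0.0.1"],          # the advisory's case: loopback
    "metadata.example.com": ["169.254.169.254"],    # cloud metadata endpoint
    "dual.example.com": ["93.184.216.34", "10.0.0.5"],  # one public, one private
    "v6.example.com": ["::ffff:10.1.1.1"],          # IPv4-mapped private address
}


def fake_resolve(host):
    return FAKE_DNS.get(host, [])


def is_public_address(addr_str):
    """True only for addresses a proxy may be pointed at from the outside."""
    addr = ipaddress.ip_address(addr_str)
    # ::ffff:a.b.c.d must be judged as the IPv4 address it wraps.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_global and not (
        addr.is_private
        or addr.is_loopback
        or addr.is_link_local
        or addr.is_multicast
        or addr.is_reserved
        or addr.is_unspecified
    )


def check_proxy_target(url, allowed_domains, resolve=fake_resolve):
    """Returns (allowed, detail). On success detail is the single address the
    caller must connect to; on failure it is the reason for refusal."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname
    if host is None or host.lower() not in allowed_domains:
        return False, "host not in allow-list"
    try:
        # A literal IP in the URL is checked directly rather than resolved.
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        addrs = resolve(host.lower())
    if not addrs:
        return False, "host does not resolve"
    # Every address counts: a name with one public and one internal record is
    # still a path to the internal one.
    for a in addrs:
        if not is_public_address(a):
            return False, f"{host} resolves to non-public address {a}"
    # Pin the checked address; the caller connects to it rather than resolving
    # the name a second time (otherwise a rebinding name defeats the check).
    return True, addrs[0]


ALLOWED = {
    "mail.example.com", "internal.example.com", "metadata.example.com",
    "dual.example.com", "v6.example.com",
}

if __name__ == "__main__":
    for target in (
        "https://mail.example.com/service/soap",
        "http://internal.example.com:7071/",
        "http://metadata.example.com/computeMetadata/v1/",
        "http://dual.example.com/",
        "http://v6.example.com/",
        "http://attacker.example.net/",
    ):
        print(target, "->", check_proxy_target(target, ALLOWED))
```

Two details carry the weight here: every address the name resolves to is checked, not only the first, and the caller must connect to the pinned address that was checked rather than resolving again, otherwise a record that flips between a public and an internal address between check and use defeats the whole control. Checking the allowlisted domain alone, as the advisory warns, is not enough once that domain points inward.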