New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email
Cybersecurity researchers from SonarSource have discovered multiple security vulnerabilities in the Zimbra email collaboration software that could potentially be exploited to compromise email accounts by sending a malicious email message, and even to achieve a full takeover of the mail server when it is hosted on a cloud infrastructure.

The flaws, tracked as CVE-2021-35208 and CVE-2021-35209, were discovered and reported in Zimbra 8.8.15 by researchers from code quality and security solutions provider SonarSource in May 2021. Mitigations for these bugs have since been released in Zimbra versions 8.8.15 Patch 23 and 9.0.0 Patch 16.

CVE-2021-35208 - Stored XSS Vulnerability in ZmMailMsgView.java
CVE-2021-35209 - Proxy Servlet Open…