CISA and the Multi-State Information Sharing & Analysis Center, or MS-ISAC, are publishing this joint Cybersecurity Advisory in response to active exploitation of multiple Common Vulnerabilities and Exposures against Zimbra Collaboration Suite, an enterprise cloud-hosted collaboration software and email platform.

AA22-228A Alert, Technical Details, and Mitigations
Volexity’s Mass Exploitation of (Un)authenticated Zimbra RCE: CVE-2022-27925
Hackers are actively exploiting password-stealing flaw in Zimbra
CISA adds Zimbra email vulnerability to its exploited vulnerabilities catal…
CVE-2022-27925 detail
Mass exploitation of (un)authenticated Zimbra RCE: CVE-2022-27925
CVE-2022-37042 detail
Authentication bypass in MailboxImportServlet vulnerability
CVE-2022-30333 detail
UnRAR vulnerability exploited in the wild, likely against Zimbra servers
Zimbra Collaboration Kepler 9.0.0 patch 25 GA release
Zimbra UnRAR path traversal
Operation EmailThief: Active exploitation of zero-day XSS vulnerability in…
Hotfix available 5 Feb for zero-day exploit vulnerability in Zimbra 8.8.15

All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.