Unpatched vulnerabilities are an open door for intrusions: they make it easy for attackers to break into targeted networks. Researchers at security firm SonarSource recently uncovered two critical vulnerabilities in Zimbra’s enterprise webmail solution that, chained together, could allow an attacker to compromise business email accounts and obtain persistent access to them. Zimbra is a popular open-source enterprise mail platform used by public and private organizations worldwide.
The vulnerabilities, tracked as CVE-2021-35208 and CVE-2021-35209, affect Zimbra 8.8.15. “A combination of these vulnerabilities could enable an unauthenticated attacker to compromise a targeted organization’s Zimbra webmail server. As a result, an attacker would gain unrestricted access to all sent and received emails of all employees,” Zimbra said.
CVE-2021-35209 is a Server-Side Request Forgery (SSRF) flaw in Zimbra’s Proxy Servlet; a remote attacker can exploit it by chaining it with the cross-site scripting (XSS) vulnerability, CVE-2021-35208. The SSRF gives the attacker control over requests made by Zimbra’s server-side HTTP client, which can be pointed at internal services that are never exposed to the Internet, such as a cloud instance metadata service, to steal secrets like Google Cloud access tokens and Amazon Web Services credentials.
Zimbra fixed both flaws in its latest security update after SonarSource reported them. “Zimbra would like to alert its customers that they can introduce an SSRF security vulnerability in the Proxy Servlet. If this servlet is configured to allow a particular domain (via zimbraProxyAllowedDomains configuration setting), and that domain resolves to an internal IP address (such as 127.0.0.1), an attacker could access services running on a different port on the same server, which would normally not be exposed publicly. So, we urge our customers to review this configuration setting to ensure that no vulnerabilities are introduced,” Zimbra added.
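The review Zimbra asks for above is mechanical: take every entry in zimbraProxyAllowedDomains, resolve it, and flag any that point at an address the Proxy Servlet should never be allowed to reach (loopback, RFC 1918, link-local including the 169.254.169.254 metadata address, or any other non-globally-routable range). The script below is an added example written for this article, not Zimbra’s own code. It assumes the `attribute: value` line format that `zmprov gcf zimbraProxyAllowedDomains` prints, and the allowlist contents and DNS answers embedded in it are constructed so that it runs offline; point `audit()` at real `zmprov` output and the system resolver to check a live server.

```python
"""Audit a Zimbra zimbraProxyAllowedDomains allowlist for SSRF-prone entries.

Added example, not Zimbra's own code. Run stand-alone to audit the embedded
sample; pass real `zmprov gcf zimbraProxyAllowedDomains` output and
`system_resolver` to audit a live deployment.
"""
import ipaddress
import socket
from typing import Callable, Dict, List

ATTR = "zimbraProxyAllowedDomains"

# Constructed sample of `zmprov gcf zimbraProxyAllowedDomains` output (assumed
# format: one "attribute: value" line per allowed entry). Not from a real server.
SAMPLE_ZMPROV_OUTPUT = """\
zimbraProxyAllowedDomains: *.example.com
zimbraProxyAllowedDomains: files.example.com
zimbraProxyAllowedDomains: internal-tools.example.com
zimbraProxyAllowedDomains: metadata.example.com
"""

# Constructed DNS answers standing in for a real resolver so the audit runs offline.
# 93.184.216.34 is a public address; the other two are exactly the cases Zimbra warns about.
SAMPLE_DNS = {
    "files.example.com": ["93.184.216.34"],
    "internal-tools.example.com": ["127.0.0.1"],
    "metadata.example.com": ["169.254.169.254"],
}


def parse_allowed_domains(text: str) -> List[str]:
    """Extract the allowlist values from zmprov-style `attr: value` lines."""
    domains = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == ATTR and value.strip():
            domains.append(value.strip())
    return domains


def is_internal(ip: str) -> bool:
    """True if the address is not globally routable (loopback, private,
    link-local such as 169.254.169.254, reserved). Such targets must not be
    reachable through a server-side proxy."""
    return not ipaddress.ip_address(ip).is_global


def system_resolver(host: str) -> List[str]:
    """Resolve a hostname to all its A/AAAA addresses using the OS resolver."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def sample_resolver(host: str) -> List[str]:
    """Offline resolver backed by the constructed SAMPLE_DNS table."""
    return SAMPLE_DNS[host]


def audit(text: str, resolver: Callable[[str], List[str]] = system_resolver) -> Dict[str, str]:
    """Classify every allowlist entry as OK, RISK, REVIEW or UNRESOLVED."""
    findings: Dict[str, str] = {}
    for entry in parse_allowed_domains(text):
        if entry.startswith("*."):
            # A wildcard admits every host under the suffix, including names an
            # attacker may be able to create or that resolve internally; needs a human.
            findings[entry] = "REVIEW: wildcard entry, every host under this suffix is proxied"
            continue
        try:
            addresses = resolver(entry)
        except (OSError, LookupError):
            findings[entry] = "UNRESOLVED: entry does not resolve, consider removing it"
            continue
        internal = [ip for ip in addresses if is_internal(ip)]
        if internal:
            findings[entry] = "RISK: resolves to internal address(es) " + ", ".join(internal)
        else:
            findings[entry] = "OK"
    return findings


if __name__ == "__main__":
    for domain, verdict in audit(SAMPLE_ZMPROV_OUTPUT, resolver=sample_resolver).items():
        print(f"{domain:30} {verdict}")
```

The same `is_internal` test is what a proxy should apply to the resolved destination of each request, not only to the allowlist at configuration time: an allowlisted name that later changes to point inside the network, or a redirect followed by the HTTP client, reintroduces the problem without any config change. When applying it per request, connect to the address that was checked rather than resolving the name a second time.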