Several security vulnerabilities in Zimbra 10.1.3 closed
Attackers can attack the e-mail and groupware solution Zimbra via several vulnerabilities.
The Zimbra developers have closed several security gaps. Among other things, attackers can access files that are supposed to be protected.
In the changelog for the current version 10.1.3, the developers state that they have closed vulnerabilities in the Apache (CVE-2023-38709, "high"), ClamAV (CVE-2024-20328, "medium") and OpenJDK (CVE-2023-22067, "medium") packages, among others. If attacks are successful, attackers can execute their own commands, among other things.
The changelog also lists two other vulnerabilities that have not been assigned a CVE number. Through these, attackers can access sensitive data in the WebRoot, for example. The developers have also fixed several bugs.
(des)