CVE CyberSecurity Database News

CVE-2022-24682 Calendar feature was vulnerable, and was exploited in the wild starting in December 2021.

Poster -

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1). An attacker could manipulate HTML in an email message to place arbitrary code in the context of an email client. An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1). An attacker could manipulate HTML in an email message to place arbitrary code in the context of an email client. An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1) where an attacker could place HTML containing executable JavaScript that is executed by the browser. An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1). An attacker could manipulate HTML in an email message to place arbitrary code in the context of an email client. An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1) where an attacker could place HTML containing executable JavaScript that is executed by the browser. An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1). An attacker could manipulate HTML in an email message to place arbitrary code

Vulnerability summary

An attacker could manipulate HTML in an email message to place arbitrary code in the context of an email client. An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1) where an attacker could place HTML containing executable JavaScript that is executed by the browser. An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1). An attacker could manipulate HTML in an email message to place arbitrary code in the context of an email client.

What is Zimbra?

Zimbra is a web-based and desktop email, calendar and contact collaboration solution. Zimbra Collaboration Suite is an open source software that provides features for collaboration such as shared calendars, contacts, tasks and calendaring.
In conclusion, there are many things to think about when outsourcing your SEO strategy. You have to consider the price, length of time needed for the project, and what you want your outcome to be. Outsourcing your SEO strategy will ensure that your digital presence is generating maximum impact and helps you establish an authoritative online presence.

Credit Risk

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1). An attacker could manipulate HTML in an email message to place arbitrary code in the context of an email client. An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1) where an attacker could place HTML containing executable JavaScript that is executed by the browser

Summary

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1). An attacker could manipulate HTML in an email message to place arbitrary code in the context of an email client.
An issue was discovered by a researcher that is able to place HTML containing executable JavaScript that is executed by the browser.

New Features

In addition to providing an email client, the Calendar feature in Zimbra Collaboration Server 8.8.x before 8.8.15 patch 30 (update 1) also provides a calendar for external users and internal users who do not have access to a personal calendar in their profile page. This calendar shows events from different calendars as well as events not visible in any other calendars (including the current user's calendar).

Timeline

Published on: 02/09/2022 04:15:00 UTC
Last modified on: 02/11/2022 17:23:00 UTC

References