Zimbra not affected by log4j (CVE-2021-44228)
After intensive review and testing, Zimbra Development determined that the 0-day exploit vulnerability for log4j (CVE-2021-44228) does not affect the current supported Zimbra versions (9.0.0 & 8.8.15). Zimbra Collaboration Server currently uses log4j1 version 1.2.16, which doesn't contain the lookup expression feature that is found within versions 2.0 to 2.17 and is the cause of the vulnerability. Also, the Red Hat (CVE-2021-4104) vulnerability does not affect the Zimbra Collaboration Server versions (8.8.15 & 9.0.0). For this vulnerability to affect the server, it needs JMSAppender, which the ZCS Server does not use, and the ability to append configuration files.

Intranet sign in

Posts: 2
Joined: Thu Jan 13, 2022 3:26 am

Post by zimbraNewbie » Thu Jan 13, 2022 11:11 pm

Hi all,

The place I work hired a contractor to install Zimbra on CentOS 7 and the project has been delivered.

For reasons unknown to me, certificate configuration and some other things were not included as a deliverable.
So I've come back from leave and had the Zimbra solution handed to me and already there is an issue.

As I said, Zimbra is installed on CentOS 7, but to administer it I go to the intranet address 'https://ipaddress:7071/zimbraAdmin'.
However, the certificate is not trusted so I get an error on HTTPS (see pic below for details).

The certificate that the browser sees is a self-signed cert which is from the Zimbra server.
I exported that cert and installed it on the local Windows machine I was using, into both the Trusted Root Certification Authority store of the local machine and current user, but it still fails.

So I have a feeling that there is more to the configuration than simply importing the cert onto the local machine. Perhaps related to the private key?
I'm not a Linux expert so does anyone know how to get HTTPS working for Zimbra login?

Note: I've searched the forum and also read the installation and admin guide, I can't see any mention of how to do this.

[Attachment: zimbra ssl.png (54.31 KiB)]
