Zimbra 8.7.0 to 8.7.11 Patch 9 servers being exploited

barrydegraaff
Zimbra Employee
Posts: 242
Joined: Tue Jun 17, 2014 3:31 am

Post by barrydegraaff

Hello All,

Zimbra was listed in the April 15, 2021 NSA|CSS cybersecurity advisory related to CVE-2019-9670. The vulnerability is limited to versions 8.7 - 8.7.11 Patch 10, which are end-of-life. All versions before and after are not affected. Any production system running these versions should be upgraded to 8.7.11 Patch 11 or higher and should be considered potentially compromised. We recommend migrating these systems to a supported version as soon as possible, and if you need guidance, please open a Zimbra Support case.

See also: http://lists.zetalliance.org/pipermail/ ... 01764.html

Regards, Barry
--
Barry de Graaff
Email: barry.degraaff [at] synacor [dot] com
Admin of Zimbra-Community Github: https://github.com/orgs/Zimbra-Community/ and the
Zimlet Gallery https://gallery.zetalliance.org/extend/