Hello All,
Zimbra was listed in the April 15, 2021 NSA|CSS cybersecurity advisory related to CVE-2019-9670. The vulnerability is limited to versions 8.7 - 8.7.11 Patch 10, which are end-of-life. All versions before and after are not affected. Any production system running these versions should be upgraded to 8.7.11 Patch 11 or higher and should be considered potentially compromised. We recommend migrating these systems to a supported version as soon as possible, and if you need guidance, please open a Zimbra Support case.
See also: http://lists.zetalliance.org/pipermail/ ... 01764.html
Regards, Barry
Zimbra 8.7.0 to 8.7.11 Patch 9 servers being exploited
- barrydegraaff
- Zimbra Employee
- Posts: 242
- Joined: Tue Jun 17, 2014 3:31 am
- Contact:
Zimbra 8.7.0 to 8.7.11 Patch 9 servers being exploited
--
Barry de Graaff
Email: barry.degraaff [at] synacor [dot] com
Admin of Zimbra-Community Github: https://github.com/orgs/Zimbra-Community/ and the
Zimlet Gallery https://gallery.zetalliance.org/extend/
Barry de Graaff
Email: barry.degraaff [at] synacor [dot] com
Admin of Zimbra-Community Github: https://github.com/orgs/Zimbra-Community/ and the
Zimlet Gallery https://gallery.zetalliance.org/extend/