Zimbra官网安全更新(2022-11-21)

来源:Zimbra官网 发布日期:2022-11-21 阅读次数:18

基本信息

发布日期:2022-11-21(官方当地时间)

更新类型: 安全更新

更新版本: 9.0.0

感知时间:2022-11-22 19:30:07

风险等级: 未知

情报贡献: TSRC

更新标题

ZCS 9.0.0 Patch 28 Released

更新详情

ZCS 9.0.0 Patch 28 was released on November 21, 2022. The release includes security fixes for:

XSS can occur in Classic UI login page by injecting arbitrary javascript code.
RCE through ClientUploader from authenticated admin user.
XSS can occur via one of attribute in webmail urls, leading to information disclosure.
The Apache package has been upgraded to version 2.4.54 to fix multiple vulnerabilities. CVE-2022-26377 CVE-2022-20770.
The ClamAV package has been upgraded to version 0.105.1-2 to fix multiple vulnerabilities. https://nvd.nist.gov/vuln/detail/CVE-2022-20771 CVE-2022-20771]
YUI dependency is removed from WebClient and Admin Console.

软件描述

Zimbra提供一套开源协同办公套件包括WebMail,日历,通信录,Web文档管理和创作。它最大的特色在于其采用Ajax技术模仿CS桌面应用软件的风格开发的客户端兼容Firefox,Safari和IE浏览器。

USRC分析

暂无

业界资讯

暂无