Download and Install Zimbra 8.8.15 Patch 30: What You Need to Know
On March 11, 2022, researchers from SonarSource announced the discovery of this ZCS vulnerability. Zimbra issued fixes for releases 8.8.15 and 9.0 on May 10, 2022. Based on evidence of active exploitation, CISA added this vulnerability to the Known Exploited Vulnerabilities Catalog on August 4, 2022. Due to ease of exploitation, CISA and the MS-ISAC expect to see widespread exploitation of unpatched ZCS instances in government and private networks.
zimbra 8.8.15 patch 30 download
CVE-2022-24682 is a medium-severity vulnerability that impacts ZCS webmail clients running releases before 8.8.15 patch 30 (update 1), which contain a cross-site scripting (XSS) vulnerability allowing malicious actors to steal session cookie files. Researchers from Volexity shared this vulnerability on February 3, 2022[9], and Zimbra issued a fix on February 4, 2022.[10] CISA added this vulnerability to the Known Exploited Vulnerabilities Catalog on February 25, 2022.
The primary attack vector of the MalasLocker group is the exploitation of a significant vulnerability in Zimbra Collaboration Suite (ZCS), a widely-used enterprise cloud-hosted collaboration software and email platform. The primary vulnerability exploited by the group is CVE-2022-24682 [1], a flaw discovered in the Calendar feature of Zimbra Collaboration Suite. Versions 8.8.x before 8.8.15 patch 30 (update 1) are affected by this vulnerability [1].
Zimbra has patched the authentication issue in its 9.0.0P26 and 8.8.15P33 releases. If you were late to patch for the RCE vulnerability, you should assume that your server instance has been compromised.
The company said: A durable fix for the issue is undergoing testing and quality review and will be made available as an update to 8.8.15p30. The updated patch is scheduled for availability via our download site on 5 February 2022.
Proceed to install Zimbra packages. You can simply press Enter to choose the default prompts....Select the packages to installInstall zimbra-ldap [Y] yInstall zimbra-logger [Y] yInstall zimbra-mta [Y] yInstall zimbra-dnscache [Y] yInstall zimbra-snmp [Y] yInstall zimbra-store [Y] yInstall zimbra-apache [Y] yInstall zimbra-spell [Y] yInstall zimbra-memcached [Y] yInstall zimbra-proxy [Y] yInstall zimbra-drive [Y] yInstall zimbra-imapd (BETA - for evaluation only) [N] Install zimbra-chat [Y] yChecking required space for zimbra-coreChecking space for zimbra-storeChecking required packages for zimbra-storezimbra-store package check complete.Installing: zimbra-core zimbra-ldap zimbra-logger zimbra-mta zimbra-dnscache zimbra-snmp zimbra-store zimbra-apache zimbra-spell zimbra-memcached zimbra-proxy zimbra-drive zimbra-patch zimbra-mta-patch zimbra-proxy-patch zimbra-chat...After that, you are prompted on whether to modify the system. Accept by typing y and press enter to proceed.
How to install zimbra 8.8.15 patch 30 on ubuntu
Zimbra 8.8.15 patch 30 release notes and security fixes
Zimbra 8.8.15 patch 30 upgrade guide and best practices
Zimbra 9.0.0 patch 23 vs zimbra 8.8.15 patch 30 comparison
Zimbra 8.8.15 patch 30 log4j vulnerability and mitigation
Zimbra docs live collaboration with zimbra 8.8.15 patch 30
Zimbra 8.8.15 patch 30 download link and checksum
Zimbra 8.8.15 patch 30 installation error and troubleshooting
Zimbra 8.8.15 patch 30 new features and enhancements
Zimbra 8.8.15 patch 30 supported platforms and system requirements
Zimbra 8.8.15 patch 30 backup and restore procedure
Zimbra 8.8.15 patch 30 performance and stability improvements
Zimbra 8.8.15 patch 30 known issues and limitations
Zimbra 8.8.15 patch 30 review and feedback
Zimbra 8.8.15 patch 30 webinar and demo
Zimbra 8.8.15 patch 30 license and pricing
Zimbra 8.8.15 patch 30 compatibility with zextras suite
Zimbra 8.8.15 patch 30 migration from other email servers
Zimbra 8.8.15 patch 30 configuration and customization options
Zimbra 8.8.15 patch 30 integration with third-party applications
Zimbra patches history and roadmap for zimbra 8.8.x series
Zimbra network edition vs open source edition with zimbra 8.8.15 patch 30
Zimbra modern UI vs classic UI with zimbra 8.8.15 patch 30
Zimbra high availability and disaster recovery with zimbra 8.8.15 patch 30
Zimbra multi-server installation with zimbra 8.8.15 patch 30
Zimbra mail server security best practices with zimbra 8.8.15 patch 30
Zimbra mail server monitoring and maintenance with zimbra 8.8.15 patch 30
Zimbra mail server troubleshooting tips and tricks with zimbra 8.8.15 patch 30
Zimbra mail server optimization and tuning with zimbra 8.8.15 patch 30
Zimbra mail server administration commands and tools with zimbra 8.8.15 patch
Zimbra mail server spam filtering and antivirus with zimbra 8.8.15 patch
Zibra mail server backup and restore procedure