Alerts

VMware Security Update

VMware has released a security update to address a vulnerability affecting multiple VMware products. Exploitation of this vulnerability may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the VMware Security Advisory and apply the necessary updates.

GitLab Security Update

GitLab has released security updates to address vulnerabilities in multiple versions of the GitLab DevOps platform. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the GitLab Security Release Notes and apply the necessary updates.

Red Hat Security Update

Red Hat has released security updates to address a vulnerability in Red Hat OpenShift Workload Availability 1 x86_64. Exploitation of this vulnerability may allow an attacker to cause a denial-of-service condition on an affected system.

Users and administrators are encouraged to review the Red Hat Security Advisory and apply the necessary updates.

Authentication Bypass and Directory Traversal vulnerabilities for Zimbra email platform (CVE-2022-27925, CVE-2022-37042)

Advisory No: TZCERT/SA/2022/08/17

Date of First Release: 17th August 2022

Source: Zimbra

Software Affected: Zimbra 8.8.15 and 9.0

Overview:

Zimbra is affected by two high-severity vulnerabilities (CVSS score 7.2) caused by weaknesses in Zimbra Collaboration. The two could be chained to allow unauthenticated remote code execution on affected email servers.

Description:

CVE-2022-27925 is a high-severity vulnerability in Zimbra Collaboration Suite (ZCS), whose mboximport functionality receives a ZIP archive and extracts files from it. An authenticated user can upload arbitrary files to the system, resulting in directory traversal.

CVE-2022-37042 is an authentication bypass flaw that affects ZCS releases 8.8.15 and 9.0. The vulnerability could allow an unauthenticated malicious actor to access a vulnerable ZCS instance. This vulnerability was discovered in the MailboxImportServlet function.

Impact:

Successful exploitation of this vulnerability may allow the attacker to take control of the affected system.

Solution:

Zimbra has released a patch to remediate the vulnerability. Users and administrators are encouraged to apply the necessary updates.

References:

  1. https://www.cisa.gov/uscert/ncas/alerts/aa22-228a
  2. https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/
  3. https://www.volexity.com/blog/2022/08/10/mass-exploitation-of-unauthenticated-zimbra-rce-cve-2022-27925/

Ubuntu Security Update

Ubuntu has released security updates to address vulnerabilities in zlib and PyJWT. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review Ubuntu Security Advisories USN-5570-1 and USN-5526-2 and apply the necessary updates.