PT-2023-2844 · Zimbra · Zimbra Collaboration

Published 2023-02-21 · Updated 2024-10-28 · CVE-2023-26562

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Zimbra Collaboration (ZCS) versions 8.8.15 through 9.0

Description

Zimbra Collaboration Suite does not check the account status when email is sent from an account that uses 2FA (two-factor authentication). This can allow a remote attacker to elevate their privileges. A closed account with 2FA and generated passwords can still send email messages when configured for IMAP/SMTP.

Recommendations

For Zimbra Collaboration (ZCS) versions 8.8.15 through 9.0, consider disabling the IMAP/SMTP configuration for closed accounts as a temporary workaround until a patch is available. Restrict access to email sending functionality for accounts with 2FA and generated passwords to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
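
To apply the workaround you first need the list of affected accounts. The following audit is an added example, not part of the advisory or of Zimbra's code: it parses a constructed account dump in the `# name` / `attr: value` layout and reports closed accounts that still have 2FA and generated passwords. The attribute names (`zimbraAccountStatus`, `zimbraTwoFactorAuthEnabled`, `zimbraAppSpecificPassword`, `zimbraImapEnabled`) and the dump layout are assumptions to verify against your ZCS installation.

```python
from collections import defaultdict

# Constructed sample dump (not real data); attribute names are assumptions.
SAMPLE = """\
# name alice@example.test
zimbraAccountStatus: active
zimbraTwoFactorAuthEnabled: TRUE
zimbraAppSpecificPassword: <redacted-1>
zimbraImapEnabled: TRUE

# name bob@example.test
zimbraAccountStatus: closed
zimbraTwoFactorAuthEnabled: TRUE
zimbraAppSpecificPassword: <redacted-2>
zimbraAppSpecificPassword: <redacted-3>
zimbraImapEnabled: TRUE

# name carol@example.test
zimbraAccountStatus: closed
zimbraTwoFactorAuthEnabled: TRUE
zimbraImapEnabled: FALSE
"""

def parse_accounts(text):
    """Return {account: {attr: [values]}}; attributes may be multi-valued."""
    accounts, current = {}, None
    for line in text.splitlines():
        if line.startswith("# name "):
            current = accounts.setdefault(line[7:].strip(), defaultdict(list))
        elif current is not None and ": " in line:
            attr, value = line.split(": ", 1)
            current[attr.strip()].append(value.strip())
    return accounts

def at_risk(accounts):
    """Closed accounts with 2FA and generated passwords; IMAP state is reported, not filtered on."""
    findings = []
    for name, a in sorted(accounts.items()):
        closed = a.get("zimbraAccountStatus") == ["closed"]
        twofa = a.get("zimbraTwoFactorAuthEnabled") == ["TRUE"]
        app_pw = len(a.get("zimbraAppSpecificPassword", []))
        imap = a.get("zimbraImapEnabled") == ["TRUE"]
        if closed and twofa and app_pw:
            findings.append((name, app_pw, imap))
    return findings

if __name__ == "__main__":
    for name, n, imap in at_risk(parse_accounts(SAMPLE)):
        print(f"{name}: closed, 2FA on, {n} generated password(s), IMAP={imap}")
```

Accounts it reports are the ones to prioritise for the IMAP/SMTP restriction described in the recommendations.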

Weakness Enumeration

Missing Authorization

Related Identifiers

BDU:2023-02789
CVE-2023-26562

Affected Products

Zimbra Collaboration