[Security Vulnerability Alert] CISA adds 8 vulnerabilities known to be exploited by attackers to the KEV catalog (2026/02/16-2026/02/22)

Published by: Digital Services Section, Office of Library and Information Services
Date range: 2026/2/25 ~ 2026/9/25
 

Forwarded from the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC): Cybersecurity Alert TWCERTCC-200-202602-00000010

[Content Description]
【CVE-2020-7796】Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability (CVSS v3.1: 9.8)
【Exploited by Ransomware: Unknown】Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery vulnerability when the WebEx zimlet is installed and zimlet JSP is enabled.

【CVE-2024-7694】TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability (CVSS v3.1: 7.2)
【Exploited by Ransomware: Unknown】The TeamT5 ThreatSonar Anti-Ransomware product's file upload content filtering is inadequate. A remote attacker with administrative privileges on the product platform can upload malicious files and execute arbitrary system commands on the server using those files.

【CVE-2008-0015】Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability (CVSS v3.1: 8.8)
【Exploited by Ransomware: Unknown】A remote code execution vulnerability exists in the Microsoft Windows Video ActiveX control. An attacker can exploit this vulnerability by creating a specially crafted webpage. When a user browses this webpage, remote code execution may occur. An attacker who successfully exploits this vulnerability may gain the same privileges as the logged-in user.

【CVE-2026-2441】Google Chromium CSS Use-After-Free Vulnerability (CVSS v3.1: 8.8)
【Exploited by Ransomware: Unknown】A use-after-free vulnerability exists in Google Chromium CSS, which could allow a remote attacker to exploit heap corruption through a specially crafted HTML page. This vulnerability may affect multiple web browsers that use Chromium, including but not limited to Google Chrome, Microsoft Edge, and Opera.

【CVE-2021-22175】GitLab Server-Side Request Forgery (SSRF) Vulnerability (CVSS v3.1: 6.8)
【Exploited by Ransomware: Unknown】GitLab contains a server-side request forgery vulnerability when webhook requests to the internal network are enabled.

【CVE-2026-22769】Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability (CVSS v3.1: 10.0)
【Exploited by Ransomware: Unknown】A hard-coded credentials vulnerability exists in Dell RecoverPoint for Virtual Machines (RP4VMs), potentially allowing an unauthenticated remote attacker to gain access to the underlying operating system and maintain persistent access.

【CVE-2025-49113】RoundCube Webmail Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 9.9)
【Exploited by Ransomware: Unknown】RoundCube Webmail contains a deserialization of untrusted data vulnerability. Because program/actions/settings/upload.php fails to validate the _from parameter in the URL, an authenticated user can use this vulnerability to execute code remotely.

【CVE-2025-68461】RoundCube Webmail Cross-site Scripting Vulnerability (CVSS v3.1: 7.2)
【Exploited by Ransomware: Unknown】RoundCube Webmail contains a cross-site scripting vulnerability that attackers can exploit through the animate tag in SVG documents.

[Affected Platforms]
【CVE-2020-7796】Please refer to the official list of affected versions: https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7

【CVE-2024-7694】ThreatSonar Anti-Ransomware versions 3.4.5 and earlier

【CVE-2008-0015】Please refer to the official list of affected versions: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037

【CVE-2026-2441】Please refer to the official list of affected versions: https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html

【CVE-2021-22175】Please refer to the official list of affected versions: https://about.gitlab.com/releases/2021/02/11/security-release-gitlab-13-8-4-released/

【CVE-2026-22769】Please refer to the official list of affected versions: https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079

【CVE-2025-49113】Please refer to the official list of affected versions: https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10

【CVE-2025-68461】Please refer to the official list of affected versions: https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12

[Recommended Actions]
【CVE-2020-7796】An official patch has been released for this vulnerability. Please update to the relevant version: https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7

【CVE-2024-7694】Update to version 3.5.0 or later, or use Hotfix-20240715 to patch the vulnerability.

【CVE-2008-0015】An official patch update has been released for this vulnerability. Please update to the relevant version: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037

【CVE-2026-2441】An official patch update has been released for this vulnerability. Please update to the relevant version: https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html

【CVE-2021-22175】An official patch update has been released for this vulnerability. Please update to the relevant version: https://about.gitlab.com/releases/2021/02/11/security-release-gitlab-13-8-4-released/

【CVE-2026-22769】An official patch update has been released for this vulnerability. Please update to the relevant version: https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079

【CVE-2025-49113】An official patch update has been released for this vulnerability. Please update to the relevant version: https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10

【CVE-2025-68461】An official patch update has been released for this vulnerability. Please update to the relevant version: https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12

