Dear Zimbra Customer, Partners & Friends,
Zimbra was listed in the April 15, 2021 NSA|CSS cybersecurity advisory related to CVE-2019-9670. The vulnerability is limited to versions 8.7 – 8.7.11 Patch 10, which are end-of-life. All versions before and after are not affected. Any production system running these versions should be upgraded to 8.7.11 Patch 11 or higher and should be considered potentially compromised. We recommend migrating these systems to a supported version as soon as possible, and if you need guidance, please open a Zimbra Support case.
Your Zimbra Team