Zimbra Multiple Vulnerabilities
Multiple vulnerabilities were identified in Zimbra. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and cross-site scripting on the targeted system.
Note:
CVE-2024-45519 is being exploited in the wild. The vulnerability in the Zimbra’s “postjournal” service which may allow unauthenticated users to execute commands. Successful exploitation requires that “postjournal” service is enabled (disabled by default). Hence, the risk level is rated from Medium Risk to High Risk.
[Updated on 2024-10-03]
Updated Risk Level and Description.
RISK: High Risk
TYPE: Servers – Internet App Servers
Impact
- Remote Code Execution
- Cross-Site Scripting
System / Technologies affected
- Zimbra Collaboration Joule prior to 8.8.15 Patch 46 GA
- Zimbra Collaboration Kepler prior to 9.0.0 Patch 41 GA
- Zimbra Collaboration Daffodil prior to 10.0.9
- Zimbra Daffodil prior to v10.1.1
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46
- https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41
- https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9
- https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1
Vulnerability Identifier
- CVE-2024-27443
- CVE-2024-33535
- CVE-2024-33536
- CVE-2024-38356
- CVE-2024-45194
- CVE-2024-45510
- CVE-2024-45511
- CVE-2024-45512
- CVE-2024-45513
- CVE-2024-45514
- CVE-2024-45515
- CVE-2024-45516
- CVE-2024-45517
- CVE-2024-45518
- CVE-2024-45519
Source
Related Link
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
