CVE-2024-45519

10.0

CRITICAL

Synacor Zimbra Collaboration Command Execution Vul - [Actively Exploited]

Description

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.

INFO

Published Date :

Oct. 2, 2024, 10:15 p.m.

Last Modified :

Oct. 23, 2024, 3:39 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

6.0

Exploitability Score :

3.9

CISA Notification

CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Due Date: Oct 24, 2024

Alert Date: Oct 03, 2024 | 49 days ago

Description :

Synacor Zimbra Collaboration contains an unspecified vulnerability in the postjournal service that may allow an unauthenticated user to execute commands.

Required Action :

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes :

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2024-45519

Public PoC/Exploit Available at Github

CVE-2024-45519 has a 4 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2024-45519 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product	Action
1	Zimbra	collaboration

: Total Affected Vendor : 1 | Products : 1

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-45519.

URL	Resource
https://wiki.zimbra.com/wiki/Security_Center	Release Notes
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes	Release Notes
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes	Release Notes
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes	Release Notes
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes	Release Notes
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy	Product

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

plbplbp/loudong001

搭建漏洞

HTML

Updated: 1 day, 4 hours ago

0 stars 0 fork 0 watcher

Born at : Nov. 20, 2024, 7:53 a.m. This repo has been linked 32 different CVEs too.

whiterose7777/CVE-2024-45519

None

Python

Updated: 1 week, 2 days ago

1 stars 0 fork 0 watcher

Born at : Nov. 11, 2024, 8:57 a.m. This repo has been linked 1 different CVEs too.

NCSC-NL/zimbra-webshell-scan

Zimbra webshell scan

Shell

Updated: 1 month, 1 week ago

2 stars 0 fork 0 watcher

Born at : Oct. 9, 2024, 12:37 p.m. This repo has been linked 1 different CVEs too.

Chocapikk/CVE-2024-45519

Zimbra - Remote Command Execution (CVE-2024-45519)

Python

Updated: 1 month, 1 week ago

82 stars 15 fork 15 watcher

Born at : Oct. 5, 2024, 12:15 a.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-45519 vulnerability anywhere in the article.

TheCyberThrone

The CyberThrone Most Exploited Vulnerabilities Top 10 – October 2024

Welcome to TheCyberThrone most exploited vulnerabilities review. This review is for the month of October 2024CVE-2024-21762: Fortinet FortiOS: Out-of-bounds WriteCVSS 3.1 score : 9.8 CISA KEV : Y ...

Published Date: Nov 01, 2024 (2 weeks, 6 days ago)

CVE-2024-10488 CVE-2024-10487 CVE-2024-8924 CVE-2024-8923 CVE-2024-45519 CVE-2024-37085 CVE-2024-26198 CVE-2024-23113 CVE-2024-21762 CVE-2024-23897 ...+4 more CVE

Cybersecurity News

PSAUX Ransomware is Exploiting Two Max Severity Flaws (CVE-2024-51567, CVE-2024-51568) in CyberPanel

Image: DreyAndThree critical remote code execution (RCE) vulnerabilities impacting CyberPanel, a widely used web hosting control panel, are under active exploitation. Threat actors are leveraging thes ...

Published Date: Oct 30, 2024 (3 weeks, 1 day ago)

CVE-2024-51568 CVE-2024-51567 CVE-2024-51378 CVE-2024-47406 CVE-2024-45720 CVE-2024-45519

Cybersecurity News

ThreatFabric Reveals Dangerous Upgrades in LightSpy Spyware – 28 Plugins Targeting iOS Devices

Image: ThreatFabricThreatFabric released a report detailing advancements in the LightSpy implant, an iOS spyware first identified in 2020, which has evolved into a more complex and damaging tool. The ...

Published Date: Oct 30, 2024 (3 weeks, 1 day ago)

CVE-2024-10231 CVE-2024-10230 CVE-2024-10229 CVE-2024-9594 CVE-2024-9486 CVE-2024-3656 CVE-2024-45519 CVE-2023-23514 CVE-2020-9802 CVE-2020-3837

Cybersecurity News

AWS CDK Vulnerability: Missing S3 Bucket Could Lead to Account Takeover

Security researchers Ofek Itach and Yakir Kadkoda from Aqua Security’s Team Nautilus uncovered a critical vulnerability in the AWS Cloud Development Kit (CDK) that could lead to a full account takeove ...

Published Date: Oct 25, 2024 (3 weeks, 6 days ago)

CVE-2024-45720 CVE-2024-45519 CVE-2024-6593 CVE-2024-6592 CVE-2023-32315

Cybersecurity News

Critical EoP Flaw in Microsoft’s Remote Registry: Researcher Publishes PoC for CVE-2024-43532

Akamai researcher Stiv Kupchik published the technical details and a proof-of-concept (PoC) exploit code for a critical Elevation of Privilege (EoP) vulnerability, CVE-2024-43532, in Microsoft’s Remot ...

Published Date: Oct 22, 2024 (4 weeks, 2 days ago)

CVE-2024-20458 CVE-2024-9180 CVE-2024-43532 CVE-2024-45519 CVE-2024-7481 CVE-2024-7479 CVE-2024-21545 CVE-2024-26218

Cybersecurity News

Broadcom Warns of High-Risk VMware HCX Vulnerability (CVE-2024-38814)

In a recent security advisory, Broadcom disclosed a significant SQL injection vulnerability (CVE-2024-38814) affecting VMware HCX, a key component used in multi-cloud infrastructures to enable applica ...

Published Date: Oct 17, 2024 (1 month ago)

CVE-2024-38814 CVE-2024-45720 CVE-2024-45519 CVE-2024-6593 CVE-2024-6592 CVE-2024-7490

Cybersecurity News

Rittal IoT Interface and CMC III Processing Unit Plagued by Critical Security Flaws

Rittal, a leading provider of industrial automation solutions, has addressed multiple vulnerabilities in their IoT Interface and CMC III Processing Unit. Discovered by Johannes Kruchem of SEC Consult ...

Published Date: Oct 16, 2024 (1 month ago)

CVE-2024-47945 CVE-2024-47944 CVE-2024-47943 CVE-2024-45720 CVE-2024-45519 CVE-2024-6593 CVE-2024-6592 CVE-2024-7490

security.nl

'Nederland telt ruim tweehonderd Zimbra-mailservers met kritiek beveiligingslek'

Ruim tweehonderd Zimbra-mailservers in Nederland missen een beveiligingsupdate voor een op grote schaal aangevallen kritieke kwetsbaarheid, zo meldt The Shadowserver Foundation op basis van eigen onde ...

Published Date: Oct 07, 2024 (1 month, 2 weeks ago)

CVE-2024-45519

Cybersecurity News

Active Exploits Target Zimbra Collaboration: Over 19K Systems Vulnerable to CVE-2024-45519

Image: The Shadowserver FoundationEnterprise security firm Proofpoint has issued a critical warning regarding active exploitation attempts against Synacor’s Zimbra Collaboration platform. A recently d ...

Published Date: Oct 07, 2024 (1 month, 2 weeks ago)

CVE-2024-41988 CVE-2024-41987 CVE-2024-45519 CVE-2024-41721 CVE-2024-29847 CVE-2024-8190 CVE-2024-43917 CVE-2024-33533 CVE-2023-41106

TheCyberThrone

Apple fixes critical bugs in iOS 18

If you have any Apple devices running iOS 18, then make sure they have the latest patches installed.Apple has released an urgent iOS 18.0.1 and iPadOS 18.0.1 updates to fix two vulnerabilities, respec ...

Published Date: Oct 06, 2024 (1 month, 2 weeks ago)

CVE-2024-44207 CVE-2024-44204 CVE-2024-45519 CVE-2024-38200

Help Net Security

Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: October 2024 Patch Tuesday forecast: Recall can be recalled October arrived, and Microsoft started the ...

Published Date: Oct 06, 2024 (1 month, 2 weeks ago)

CVE-2024-45519 CVE-2024-29824

TheCyberThrone

PoC for Microsoft Office Zeroday CVE-2024-38200 released

Security researcher Metin Yunus Kandemir have released the technical details and a PoC exploit that reveals a critical information disclosure flaw in Microsoft Office. This vulnerability, which affect ...

Published Date: Oct 05, 2024 (1 month, 2 weeks ago)

CVE-2024-45519 CVE-2024-8353 CVE-2024-38200

TheCyberThrone

CISA adds Zimbra Vulnerability CVE-2024-45519 to its KEV Catalog

The US CISA has added Synacor Zimbra vulnerability to its Known Exploited Vulnerabilities Catalog based on the evidence of active exploitation.The vulnerability tracked as CVE-2024-45519 with a CVSS s ...

Published Date: Oct 05, 2024 (1 month, 2 weeks ago)

CVE-2024-45519 CVE-2024-8353 CVE-2024-29824

The Cyber Express

The Week’s Top Vulnerabilities: Cyble Urges Fixes for NVIDIA, Adobe, CUPS

Cyble researchers had a busy week, investigating 19 vulnerabilities in the week ended Oct.1 and flagging eight of them as high priority. Cyble’s weekly IT vulnerability report also noted that research ...

Published Date: Oct 04, 2024 (1 month, 2 weeks ago)

CVE-2024-45367 CVE-2024-41925 CVE-2024-45519 CVE-2024-47177 CVE-2024-47176 CVE-2024-47175 CVE-2024-47076 CVE-2024-0132 CVE-2024-8275 CVE-2024-43917 ...+11 more CVE

Cybersecurity News

CISA Warns of Critical Flaws in TEM Opera Plus FM Transmitter Products Used in Critical Infrastructure

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding two critical vulnerabilities in the TEM Opera Plus FM Family Transmitter products, widely used in crit ...

Published Date: Oct 04, 2024 (1 month, 2 weeks ago)

CVE-2024-41988 CVE-2024-41987 CVE-2024-45519 CVE-2024-47070 CVE-2024-45409 CVE-2024-39714 CVE-2024-38650 CVE-2024-38382

The Cyber Express

‘Embarrassingly Bad’ Zimbra RCE Vulnerability Under Active Attack. Patch Now.

A critical remote code execution (RCE) vulnerability in Zimbra email servers is under active attack, and users are urged to patch immediately. Zimbra is already a popular target for hackers – CISA’s K ...

Published Date: Oct 03, 2024 (1 month, 2 weeks ago)

CVE-2024-45519 CVE-2024-21893 CVE-2024-21887 CVE-2023-46805 CVE-2021-44228 CVE-2017-11882

Ars Technica

Attackers exploit critical Zimbra vulnerability using cc’d email addresses

Attackers are actively exploiting a critical vulnerability in mail servers sold by Zimbra in an attempt to remotely execute malicious commands that install a backdoor, researchers warn. The vulnerabil ...

Published Date: Oct 02, 2024 (1 month, 2 weeks ago)

CVE-2024-45519

Ars Technica

Attackers exploit critical vulnerability recently patched in Zimbra servers

Published Date: Oct 02, 2024 (1 month, 2 weeks ago)

CVE-2024-45519

The following table lists the changes that have been made to the CVE-2024-45519 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

Modified Analysis by [email protected]

Oct. 23, 2024

Action	Type	Old Value	New Value
Changed	Reference Type	https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes No Types Assigned	https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes Release Notes
Changed	Reference Type	https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes No Types Assigned	https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes Release Notes
Changed	Reference Type	https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes No Types Assigned	https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes Release Notes
Changed	Reference Type	https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes No Types Assigned	https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes Release Notes
Removed	CWE	NIST CWE-863
Added	CWE		NIST NVD-CWE-Other

CVE Modified by [email protected]

Oct. 22, 2024

Action	Type	New Value
Added	Reference	MITRE https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes [No types assigned]
Added	Reference	MITRE https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes [No types assigned]
Added	Reference	MITRE https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes [No types assigned]
Added	Reference	MITRE https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes [No types assigned]

Modified Analysis by [email protected]

Oct. 15, 2024

Action	Type	Old Value	New Value
Changed	Reference Type	https://wiki.zimbra.com/wiki/Security_Center Release Notes, Vendor Advisory	https://wiki.zimbra.com/wiki/Security_Center Release Notes
Changed	CPE Configuration	OR cpe:2.3:a:zimbra:collaboration::::::::* versions up to (excluding) 8.8.15 cpe:2.3:a:zimbra:collaboration:8.8.15:-::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p1::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p10::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p11::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p12::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p13::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p14::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p15::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p16::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p17::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p18::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p19::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p2::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p20::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p21::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p22::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p23::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p24::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p25::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p26::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p27::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p28::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p29::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p3::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p30::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p31::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p32::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p33::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p34::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p35::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p37::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p4::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p40::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p41::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p42::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p43::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p44::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p45::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p5::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p6::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p7::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p8::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p9::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:-::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p0::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p1::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p10::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p11::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p12::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p13::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p14::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p15::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p16::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p19::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p2::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p20::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p21::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p23::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p24::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p25::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p26::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p27::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p3::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p33::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p34::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p35::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p36::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p37::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p38::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p39::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p4::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p40::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p5::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p6::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p7::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p8::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p9::::::* cpe:2.3:a:zimbra:collaboration::::::::* versions from (including) 10.0.0 up to (excluding) 10.0.9	OR cpe:2.3:a:zimbra:collaboration::::::::* versions up to (excluding) 8.8.15 cpe:2.3:a:zimbra:collaboration:8.8.15:-::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p1::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p10::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p11::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p12::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p13::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p14::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p15::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p16::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p17::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p18::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p19::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p2::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p20::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p21::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p22::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p23::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p24::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p25::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p26::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p27::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p28::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p29::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p3::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p30::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p31::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p32::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p33::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p34::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p35::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p37::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p4::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p40::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p41::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p42::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p43::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p44::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p45::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p5::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p6::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p7::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p8::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p9::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:-::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p0::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p1::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p10::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p11::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p12::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p13::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p14::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p15::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p16::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p19::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p2::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p20::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p21::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p23::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p24::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p25::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p26::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p27::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p3::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p33::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p34::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p35::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p36::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p37::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p38::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p39::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p4::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p40::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p5::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p6::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p7::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p8::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p9::::::* cpe:2.3:a:zimbra:collaboration::::::::* versions from (including) 10.0.0 up to (excluding) 10.0.9 cpe:2.3:a:zimbra:collaboration:10.1.0:::::::

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

Oct. 11, 2024

Action	Type	Old Value	New Value
Added	CWE		CISA-ADP CWE-284
Removed	CWE	CISA-ADP CWE-78

Modified Analysis by [email protected]

Oct. 10, 2024

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:a:zimbra:collaboration::::::::* versions up to (excluding) 8.8.15 cpe:2.3:a:zimbra:collaboration:8.8.15:-::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p1::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p10::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p11::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p12::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p13::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p14::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p15::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p16::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p17::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p18::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p19::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p2::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p20::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p21::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p22::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p23::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p24::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p25::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p26::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p27::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p28::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p29::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p3::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p30::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p31::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p32::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p33::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p34::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p35::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p37::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p4::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p40::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p41::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p42::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p43::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p44::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p45::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p5::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p6::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p7::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p8::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p9::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:-::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p0::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p1::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p10::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p11::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p12::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p13::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p14::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p15::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p16::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p19::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p2::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p20::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p21::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p23::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p24::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p25::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p26::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p27::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p3::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p33::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p34::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p35::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p36::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p37::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p38::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p39::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p4::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p40::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p5::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p6::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p7::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p8::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p9::::::* cpe:2.3:a:zimbra:collaboration::::::::* versions from (including) 10.0.0 up to (excluding) 10.0.9 cpe:2.3:a:zimbra:collaboration:10.1.0:::::::	OR cpe:2.3:a:zimbra:collaboration::::::::* versions up to (excluding) 8.8.15 cpe:2.3:a:zimbra:collaboration:8.8.15:-::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p1::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p10::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p11::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p12::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p13::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p14::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p15::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p16::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p17::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p18::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p19::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p2::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p20::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p21::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p22::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p23::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p24::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p25::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p26::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p27::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p28::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p29::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p3::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p30::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p31::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p32::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p33::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p34::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p35::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p37::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p4::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p40::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p41::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p42::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p43::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p44::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p45::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p5::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p6::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p7::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p8::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p9::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:-::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p0::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p1::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p10::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p11::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p12::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p13::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p14::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p15::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p16::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p19::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p2::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p20::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p21::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p23::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p24::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p25::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p26::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p27::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p3::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p33::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p34::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p35::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p36::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p37::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p38::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p39::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p4::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p40::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p5::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p6::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p7::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p8::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p9::::::* cpe:2.3:a:zimbra:collaboration::::::::* versions from (including) 10.0.0 up to (excluding) 10.0.9

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

Oct. 09, 2024

Action	Type	Old Value	New Value
Added	CWE		CISA-ADP CWE-78
Removed	CWE	CISA-ADP CWE-284

Modified Analysis by [email protected]

Oct. 04, 2024

Action	Type	Old Value	New Value

CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

Oct. 04, 2024

Action	Type	New Value
Added	Due Date	2024-10-24
Added	Vulnerability Name	Synacor Zimbra Collaboration Command Execution Vulnerability
Added	Required Action	Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Added	Date Added	2024-10-03

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

Oct. 03, 2024

Action	Type	Old Value	New Value
Added	CWE		CISA-ADP CWE-284

Initial Analysis by [email protected]

Oct. 03, 2024

Action	Type	Old Value	New Value
Added	CVSS V3.1		NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Changed	Reference Type	https://wiki.zimbra.com/wiki/Security_Center No Types Assigned	https://wiki.zimbra.com/wiki/Security_Center Release Notes, Vendor Advisory
Changed	Reference Type	https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy No Types Assigned	https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy Product
Added	CWE		NIST CWE-863
Added	CPE Configuration		OR cpe:2.3:a:zimbra:collaboration::::::::* versions up to (excluding) 8.8.15 cpe:2.3:a:zimbra:collaboration:8.8.15:-::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p1::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p10::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p11::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p12::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p13::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p14::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p15::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p16::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p17::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p18::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p19::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p2::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p20::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p21::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p22::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p23::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p24::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p25::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p26::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p27::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p28::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p29::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p3::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p30::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p31::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p32::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p33::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p34::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p35::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p37::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p4::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p40::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p41::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p42::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p43::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p44::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p45::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p5::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p6::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p7::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p8::::::* cpe:2.3:a:zimbra:collaboration:8.8.15:p9::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:-::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p0::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p1::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p10::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p11::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p12::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p13::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p14::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p15::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p16::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p19::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p2::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p20::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p21::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p23::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p24::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p25::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p26::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p27::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p3::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p33::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p34::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p35::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p36::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p37::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p38::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p39::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p4::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p40::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p5::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p6::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p7::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p8::::::* cpe:2.3:a:zimbra:collaboration:9.0.0:p9::::::* cpe:2.3:a:zimbra:collaboration::::::::* versions from (including) 10.0.0 up to (excluding) 10.0.9 cpe:2.3:a:zimbra:collaboration:10.1.0:::::::

CVE Received by [email protected]

Oct. 02, 2024

Action	Type	New Value
Added	Description	The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.
Added	Reference	MITRE https://wiki.zimbra.com/wiki/Security_Center [No types assigned]
Added	Reference	MITRE https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy [No types assigned]
Added	CVSS V3.1	MITRE AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-45519 is associated with the following CWEs:

CWE-284: Improper Access Control

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-45519 weaknesses.

CAPEC-19: Embedding Scripts within Scripts Embedding Scripts within Scripts CAPEC-441: Malicious Logic Insertion Malicious Logic Insertion CAPEC-478: Modification of Windows Service Configuration Modification of Windows Service Configuration CAPEC-479: Malicious Root Certificate Malicious Root Certificate CAPEC-502: Intent Spoof Intent Spoof CAPEC-503: WebView Exposure WebView Exposure CAPEC-536: Data Injected During Configuration Data Injected During Configuration CAPEC-546: Incomplete Data Deletion in a Multi-Tenant Environment Incomplete Data Deletion in a Multi-Tenant Environment CAPEC-550: Install New Service Install New Service CAPEC-551: Modify Existing Service Modify Existing Service CAPEC-552: Install Rootkit Install Rootkit CAPEC-556: Replace File Extension Handlers Replace File Extension Handlers CAPEC-558: Replace Trusted Executable Replace Trusted Executable CAPEC-562: Modify Shared File Modify Shared File CAPEC-563: Add Malicious File to Shared Webroot Add Malicious File to Shared Webroot CAPEC-564: Run Software at Logon Run Software at Logon CAPEC-578: Disable Security Software Disable Security Software

CVE-2024-45519

Synacor Zimbra Collaboration Command Execution Vul - [Actively Exploited]

Description

INFO

Oct. 2, 2024, 10:15 p.m.

Oct. 23, 2024, 3:39 p.m.

[email protected]

Yes !

6.0

3.9

CISA KEV (Known Exploited Vulnerabilities)

Public PoC/Exploit Available at Github

Affected Products

References to Advisories, Solutions, and Tools

plbplbp/loudong001

whiterose7777/CVE-2024-45519

NCSC-NL/zimbra-webshell-scan

Chocapikk/CVE-2024-45519

The CyberThrone Most Exploited Vulnerabilities Top 10 – October 2024

PSAUX Ransomware is Exploiting Two Max Severity Flaws (CVE-2024-51567, CVE-2024-51568) in CyberPanel

ThreatFabric Reveals Dangerous Upgrades in LightSpy Spyware – 28 Plugins Targeting iOS Devices

AWS CDK Vulnerability: Missing S3 Bucket Could Lead to Account Takeover

Critical EoP Flaw in Microsoft’s Remote Registry: Researcher Publishes PoC for CVE-2024-43532

Broadcom Warns of High-Risk VMware HCX Vulnerability (CVE-2024-38814)

Rittal IoT Interface and CMC III Processing Unit Plagued by Critical Security Flaws

'Nederland telt ruim tweehonderd Zimbra-mailservers met kritiek beveiligingslek'

Active Exploits Target Zimbra Collaboration: Over 19K Systems Vulnerable to CVE-2024-45519

Apple fixes critical bugs in iOS 18

Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast

PoC for Microsoft Office Zeroday CVE-2024-38200 released

CISA adds Zimbra Vulnerability CVE-2024-45519 to its KEV Catalog

The Week’s Top Vulnerabilities: Cyble Urges Fixes for NVIDIA, Adobe, CUPS

CISA Warns of Critical Flaws in TEM Opera Plus FM Transmitter Products Used in Critical Infrastructure

‘Embarrassingly Bad’ Zimbra RCE Vulnerability Under Active Attack. Patch Now.

Attackers exploit critical Zimbra vulnerability using cc’d email addresses

Attackers exploit critical vulnerability recently patched in Zimbra servers

Modified Analysis by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

Modified Analysis by [email protected]

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

Modified Analysis by [email protected]

CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

Initial Analysis by [email protected]

CVE Received by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable