CVE-2024-33535

HIGH

7.5

Beschreibung

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling of the packages parameter. Attackers can exploit this flaw to include arbitrary local files without authentication, potentially leading to unauthorized access to sensitive information. The vulnerability is limited to files within a specific directory.

CVE Details

CVSS v3.1 Bewertung7.5

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht8/12/2024

Zuletzt geandert3/19/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

zimbra:collaboration

Schwachen (CWE)

CWE-22CWE-22

Referenzen

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.8#Security_Fixes(cve@mitre.org)

https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P40#Security_Fixes(cve@mitre.org)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.