CVE-2024-45519

CRITICALCISA KEV

10.0

Description

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.

CVE Details

CVSS v3.1 Score10.0

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published10/2/2024

Last Modified11/4/2025

Sourcekev

Honeypot Sightings0

CISA KEV

VendorSynacor

ProductZimbra Collaboration Suite (ZCS)

Vulnerability NameSynacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability

KEV Date Added2024-10-03

Remediation Due Date2024-10-24

Ransomware UseUnknown

Affected Products

synacor:zimbra_collaboration_suite

Weaknesses (CWE)

CWE-78

References

https://wiki.zimbra.com/wiki/Security_Center(cve@mitre.org)

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes(cve@mitre.org)

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes(cve@mitre.org)

https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes(cve@mitre.org)

https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes(cve@mitre.org)

https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy(cve@mitre.org)

https://blog.projectdiscovery.io/zimbra-remote-code-execution/(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-45519(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.