Zimbra Multiple Vulnerabilities
RISK: High Risk
TYPE: Servers - Internet App Servers
Multiple vulnerabilities were identified in Zimbra. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and cross-site scripting on the targeted system.
Note:
CVE-2024-45519 is being exploited in the wild. The vulnerability in the Zimbra's "postjournal" service which may allow unauthenticated users to execute commands. Successful exploitation requires that "postjournal" service is enabled (disabled by default). Hence, the risk level is rated from Medium Risk to High Risk.
[Updated on 2024-10-03]
Updated Risk Level and Description.
Impact
- Remote Code Execution
- Cross-Site Scripting
System / Technologies affected
- Zimbra Collaboration Joule prior to 8.8.15 Patch 46 GA
- Zimbra Collaboration Kepler prior to 9.0.0 Patch 41 GA
- Zimbra Collaboration Daffodil prior to 10.0.9
- Zimbra Daffodil prior to v10.1.1
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46
- https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41
- https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9
- https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1
Vulnerability Identifier
- CVE-2024-27443
- CVE-2024-33535
- CVE-2024-33536
- CVE-2024-38356
- CVE-2024-45194
- CVE-2024-45510
- CVE-2024-45511
- CVE-2024-45512
- CVE-2024-45513
- CVE-2024-45514
- CVE-2024-45515
- CVE-2024-45516
- CVE-2024-45517
- CVE-2024-45518
- CVE-2024-45519
Source
Related Link
Related Tags
Share with