CVE-2023-24032

high-risk

Published 2023-06-15

In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).

Do I need to act?

0.08% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (20)

Collaboration

Affected Vendors

Zimbra

References (4)

Patch https://wiki.zimbra.com/wiki/Security_Center

Vendor Advisory https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

Patch https://wiki.zimbra.com/wiki/Security_Center

Vendor Advisory https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

/ 100

high-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 27/34 · High