CVE-2024-45519

critical-risk
Published 2024-10-02

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.

Do I need to act?

!
94.1% chance of exploitation in next 30 days
EPSS score — higher than 6% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
+
Fix available
Upgrade to: ac6081fa002b1511e926aba37740d2b6c20f3f43, 2c67cbdfaebf6a71928749b7146f4852876b63ff
10
CVSS 10.0/10 Critical
NETWORK / LOW complexity

Affected Products (20)

Affected Vendors

Synacor

References (8)

Release Notes https://wiki.zimbra.com/wiki/Security_Center
Release Notes https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes
Release Notes https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes
Release Notes https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes
Release Notes https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes
Not Applicable https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
Exploit https://blog.projectdiscovery.io/zimbra-remote-code-execution/
US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-...
89
/ 100
critical-risk
Severity 33/34 · Critical
Exploitability 27/34 · High
Exposure 29/34 · Critical