Zimbra Multiple Vulnerabilities
Release Date:
5 Sep 2024
2174
Views
RISK: Medium Risk
TYPE: Servers - Internet App Servers
Multiple vulnerabilities were identified in Zimbra. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and cross-site scripting on the targeted system.
Impact
- Remote Code Execution
- Cross-Site Scripting
System / Technologies affected
- Zimbra Collaboration Joule prior to 8.8.15 Patch 46 GA
- Zimbra Collaboration Kepler prior to 9.0.0 Patch 41 GA
- Zimbra Collaboration Daffodil prior to 10.0.9
- Zimbra Daffodil prior to v10.1.1
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46
- https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41
- https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9
- https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1
Vulnerability Identifier
- CVE-2024-27443
- CVE-2024-33535
- CVE-2024-33536
- CVE-2024-38356
- CVE-2024-45194
- CVE-2024-45510
- CVE-2024-45511
- CVE-2024-45512
- CVE-2024-45513
- CVE-2024-45514
- CVE-2024-45515
- CVE-2024-45516
- CVE-2024-45517
- CVE-2024-45518
- CVE-2024-45519
Source
Related Link
Related Tags
Share with