Skip to main content

Zimbra Multiple Vulnerabilities

Last Update Date: 3 Oct 2024 Release Date: 5 Sep 2024 4165 Views

RISK: High Risk

TYPE: Servers - Internet App Servers

TYPE: Internet App Servers

Multiple vulnerabilities were identified in Zimbra. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and cross-site scripting on the targeted system.

 

Note:

CVE-2024-45519 is being exploited in the wild. The vulnerability in the Zimbra's "postjournal" service which may allow unauthenticated users to execute commands. Successful exploitation requires that "postjournal" service is enabled (disabled by default). Hence, the risk level is rated from Medium Risk to High Risk.

 

[Updated on 2024-10-03]

Updated Risk Level and Description.


Impact

  • Remote Code Execution
  • Cross-Site Scripting

System / Technologies affected

  • Zimbra Collaboration Joule prior to 8.8.15 Patch 46 GA
  • Zimbra Collaboration Kepler prior to 9.0.0 Patch 41 GA
  • Zimbra Collaboration Daffodil prior to 10.0.9
  • Zimbra Daffodil prior to v10.1.1

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link