CVE-2024-45519
Vulnerability from cvelistv5
Published
2024-10-02 00:00
Modified
2024-10-22 21:01
Severity ?
Summary
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog

Date added: 2024-10-03

Due date: 2024-10-24

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Unknown

Notes: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2024-45519

Show details on NVD website


{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:zimbra:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "zimbra_collaboration_suite",
                  vendor: "zimbra",
                  versions: [
                     {
                        lessThanOrEqual: "8.8.15",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:zimbra:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "affected",
                  product: "zimbra_collaboration_suite",
                  vendor: "zimbra",
                  versions: [
                     {
                        lessThanOrEqual: "9.0.0",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:zimbra:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "affected",
                  product: "zimbra_collaboration_suite",
                  vendor: "zimbra",
                  versions: [
                     {
                        lessThan: "10.0.9",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:zimbra:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "affected",
                  product: "zimbra_collaboration_suite",
                  vendor: "zimbra",
                  versions: [
                     {
                        lessThan: "10.1.1",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-45519",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-03T13:44:03.899299Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2024-10-03",
                        reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-45519",
                     },
                     type: "kev",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-78",
                        description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-10T15:49:16.460Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            references: [
               {
                  tags: [
                     "exploit",
                  ],
                  url: "https://blog.projectdiscovery.io/zimbra-remote-code-execution/",
               },
            ],
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-10-22T21:01:35.614951",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://wiki.zimbra.com/wiki/Security_Center",
            },
            {
               url: "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy",
            },
            {
               url: "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes",
            },
            {
               url: "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes",
            },
            {
               url: "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes",
            },
            {
               url: "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2024-45519",
      datePublished: "2024-10-02T00:00:00",
      dateReserved: "2024-09-01T00:00:00",
      dateUpdated: "2024-10-22T21:01:35.614951",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      cisa_known_exploited: {
         cveID: "CVE-2024-45519",
         cwes: "[\"CWE-284\"]",
         dateAdded: "2024-10-03",
         dueDate: "2024-10-24",
         knownRansomwareCampaignUse: "Unknown",
         notes: "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2024-45519",
         product: "Zimbra Collaboration Suite (ZCS)",
         requiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
         shortDescription: "Synacor Zimbra Collaboration Suite (ZCS) contains an unspecified vulnerability in the postjournal service that may allow an unauthenticated user to execute commands.",
         vendorProject: "Synacor",
         vulnerabilityName: "Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2024-45519\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-10-02T22:15:02.770\",\"lastModified\":\"2025-02-25T02:00:02.097\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.\"},{\"lang\":\"es\",\"value\":\"El servicio postjournal en Zimbra Collaboration (ZCS) anterior a la versión 8.8.15 parche 46, 9 anterior a la versión 9.0.0 parche 41, 10 anterior a la versión 10.0.9 y 10.1 anterior a la versión 10.1.1 a veces permite que usuarios no autenticados ejecuten comandos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2024-10-03\",\"cisaActionDue\":\"2024-10-24\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.8.15\",\"matchCriteriaId\":\"1A604F85-992D-4CCF-8630-0456B92429BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.9\",\"matchCriteriaId\":\"18D6B3CE-07F4-45F9-A5C8-3CA0B1395039\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA48C450-201C-4398-AB65-EF6F95FB0380\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F759114-CF2D-48BF-8D09-EBE8D1ED1949\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"C43634F5-2946-44D2-8A50-B717374A8126\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"20315895-5410-4B88-B2D9-E9C5D79A64DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p14:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF405091-A832-4945-87EC-AA525F37DF91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p15:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9B6FFA8-CFD2-47C6-9475-79210CB9AA84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p16:*:*:*:*:*:*\",\"matchCriteriaId\":\"964CA714-937C-4FC0-A1E9-07F846C786BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p17:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAF8F155-1406-46ED-A81F-BCC4CE525F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p18:*:*:*:*:*:*\",\"matchCriteriaId\":\"56A8F56B-3457-4C19-B213-3B04FEE8D7A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p19:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4F8D255-3F91-45FF-9133-4023BA688F9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"37BC4DF5-D111-4295-94FC-AA8929CDF2A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p20:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9D50108-0404-4791-8057-DB1786D311C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p21:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2A7E53F-8EAC-4DA9-8EAE-117759EFABEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p22:*:*:*:*:*:*\",\"matchCriteriaId\":\"858727DB-AE6F-435D-B8FD-6C94C3400E40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p23:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FA6AC95-288C-4ABA-B2A7-47E4134EDC31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p24:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AA82728-5901-482A-83CF-F883D4B6A8E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p25:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E762792-542E-43D0-A95A-E7F48F328A28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DD4641A-EC23-4B1A-8729-9AECD70390AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p27:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0E3E825-1D1E-4ECD-B306-DD8BDCDD0547\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p28:*:*:*:*:*:*\",\"matchCriteriaId\":\"840F98DC-57F1-4054-A6C1-6E7F0340AC2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p29:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE2A1305-68B7-4CB7-837F-4EDE2EBED507\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"21768A61-7578-4EEC-A23B-FEC10CAA9EDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA758408-4302-43BC-BDC9-1B70EC5D2FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*\",\"matchCriteriaId\":\"822CDEBC-0650-4970-B46F-06F505993086\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*\",\"matchCriteriaId\":\"971B5005-4676-4D93-A7DD-6AFDC8D0BEEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*\",\"matchCriteriaId\":\"81BC6A7F-D014-44B3-9361-20DB256D3C8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A3DC694-4CCC-4E9F-B6E9-891B1DF115C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p35:*:*:*:*:*:*\",\"matchCriteriaId\":\"3810385E-95E8-491E-8281-394125DB04F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p37:*:*:*:*:*:*\",\"matchCriteriaId\":\"C08B5A0A-2935-4FEB-9133-4B35E1AB0CDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"661403E7-1D65-4710-8413-47D74FF65BE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p40:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CD3AEF8-0667-40B9-BCAA-6C9CA7D9C495\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p41:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0F8BB82-32E4-463D-B719-8E5186CAAECC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p42:*:*:*:*:*:*\",\"matchCriteriaId\":\"9605C0CF-E5DF-497A-B298-D64ABCDAF88E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p43:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A77DFFA-CBBF-4F8C-9D8E-68CC115B4D2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p44:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E7EBCB8-3042-4BA9-B34A-E1C95F111B38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p45:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DEF465F-35ED-49ED-A86C-AE1C7FF76AFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"0695D2E0-45B3-493C-BA6D-471B90C0ACC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"714FAFE6-68AE-4304-B040-48BC46F85A2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"73FC2D2D-8BBD-4259-8B35-0D9BFA40567B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB97E9E6-CC4A-458D-B731-6D51130B942C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA688C43-846A-4C4A-AEDB-113D967D3D73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"685D9652-2934-4C13-8B36-40582C79BFC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E4DF01A-1AA9-47E8-82FD-65A02ECA1376\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDE59185-B917-4A81-8DE4-C65A079F52FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA3ED95F-95F2-4676-8EAF-B4B9EB64B260\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BB93336-CC3C-4B7F-B194-7DED036ABBAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"876F1675-F65C-4E86-ADBD-36EB8D8A997D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"2306F526-9C56-4A57-AA9B-02F2D6058C97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9EA2A61-67AA-4B7E-BC6E-80EB1363EF85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*\",\"matchCriteriaId\":\"C77A35B7-96F6-43A7-A747-C6AEEDE961E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p16:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC35882B-E709-42D8-8800-F1B734CEAFC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7A47276-F241-4A68-9458-E1481EBDC5E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"12D0D469-6C9B-4B66-9581-DC319773238A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p20:*:*:*:*:*:*\",\"matchCriteriaId\":\"40629BEB-DF4B-4FB8-8D3D-7BAC43C90766\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p21:*:*:*:*:*:*\",\"matchCriteriaId\":\"9503131F-CC23-4545-AE9C-9714B287CC25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p24:*:*:*:*:*:*\",\"matchCriteriaId\":\"8113A4E3-AA96-4382-815D-6FD88BA42EC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC8C28E0-6C51-41EE-A7B2-DB185D1D8FD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC19F11D-23D9-429D-A957-D67F23A40A01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAFA2EE7-C965-4F27-8CAE-E607A9F202AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C52705E6-2C6B-47BC-A0CD-F6AAE0BFC302\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p33:*:*:*:*:*:*\",\"matchCriteriaId\":\"D659AE6A-591E-4D5B-9781-9648250F5576\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p34:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4054E3E-561C-4B1C-A615-3CCE5CB69D77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p35:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FA0E9C4-25E4-4CD6-B88A-02B413385866\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p36:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D6F7CA3-C36A-466C-8FAD-D0B3CEF01F0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p37:*:*:*:*:*:*\",\"matchCriteriaId\":\"9684AC81-B557-4292-8402-AE55CB2E613C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p38:*:*:*:*:*:*\",\"matchCriteriaId\":\"32A352C4-0E9C-436F-ADA7-D93492A18037\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p39:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABCA8698-AB88-4A6D-BD2B-DB22AEED6536\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"33F50D8C-7027-4A8D-8E95-98C224283772\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p40:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEE1CBDD-F205-4EA7-9E8B-5527BC134C74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"82000BA4-1781-4312-A7BD-92EC94D137AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B52D301-2559-457A-8FFB-F0915299355A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"7215AE2C-8A33-4AB9-88D5-7C8CD11E806C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D859F77-8E39-4D46-BC90-C5C1D805A666\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDC810C7-45DA-4BDF-9138-2D3B2750243E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"E09D95A4-764D-4E0B-8605-1D94FD548AB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:10.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6198F75A-353D-4079-91DE-A7CC22DFE8B0\"}]}]}],\"references\":[{\"url\":\"https://wiki.zimbra.com/wiki/Security_Center\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://blog.projectdiscovery.io/zimbra-remote-code-execution/\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\"]}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45519\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-03T13:44:03.899299Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2024-10-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-45519\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:zimbra:zimbra_collaboration_suite:*:*:*:*:*:*:*:*\"], \"vendor\": \"zimbra\", \"product\": \"zimbra_collaboration_suite\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.8.15\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:zimbra:zimbra_collaboration_suite:*:*:*:*:*:*:*:*\"], \"vendor\": \"zimbra\", \"product\": \"zimbra_collaboration_suite\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.0.0\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:a:zimbra:zimbra_collaboration_suite:*:*:*:*:*:*:*:*\"], \"vendor\": \"zimbra\", \"product\": \"zimbra_collaboration_suite\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"10.0.9\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:a:zimbra:zimbra_collaboration_suite:*:*:*:*:*:*:*:*\"], \"vendor\": \"zimbra\", \"product\": \"zimbra_collaboration_suite\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"10.1.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284 Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-03T13:52:46.917Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://wiki.zimbra.com/wiki/Security_Center\"}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-10-02T21:18:17.145678\"}}}",
         cveMetadata: "{\"cveId\": \"CVE-2024-45519\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-09T20:18:08.717Z\", \"dateReserved\": \"2024-09-01T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-10-02T00:00:00\", \"assignerShortName\": \"mitre\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.