[CVE-2024-45519] Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability

CISA KEV 정보

취약점명	Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability
설명	Synacor Zimbra Collaboration Suite (ZCS) contains an unspecified vulnerability in the postjournal service that may allow an unauthenticated user to execute commands.
조치사항	Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
랜섬웨어 캠페인 악용	Unknown
CWE	CWE-284
등록일 (KEV)	2024-10-03
조치 기한	2024-10-24
추가 참고	https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2024-45519

NVD 상세 정보

CVSS v3.1: 10.0 CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

설명: The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.

CWE: CWE-78

참조

https://wiki.zimbra.com/wiki/Security_Center [Release Notes]
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes [Release Notes]
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes [Release Notes]
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes [Release Notes]
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes [Release Notes]
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy [Not Applicable]
https://blog.projectdiscovery.io/zimbra-remote-code-execution/ [Exploit]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-45519 [US Government Resource]

This product uses the NVD API but is not endorsed or certified by the NVD.

바로 가기

[CVE-2024-45519] Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability

CISA KEV 정보

NVD 상세 정보

참조

IT 도구 서랍