CVE-2024-45519

Опубликовано: 02 окт. 2024

Источник: nvd

CVSS3: 10

CVSS3: 9.8

EPSS Критический

Описание

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.

Ссылки

https://wiki.zimbra.com/wiki/Security_Center
Release Notes
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes
Release Notes
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes
Release Notes
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes
Release Notes
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes
Release Notes
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
Not Applicable
https://blog.projectdiscovery.io/zimbra-remote-code-execution/
Exploit
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-45519
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*

Версия до 8.8.15 (исключая)

cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*

Версия от 10.0.0 (включая) до 10.0.9 (исключая)

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:-:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p1:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p10:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p11:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p12:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p13:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p14:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p15:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p16:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p17:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p18:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p19:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p2:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p20:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p21:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p22:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p23:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p24:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p25:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p26:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p27:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p28:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p29:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p3:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p30:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p31:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p31.1:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p32:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p33:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p34:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p35:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p36:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p37:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p38:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p39:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p4:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p40:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p41:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p42:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p43:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p44:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p45:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p5:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p6:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p7:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p8:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p9:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:-:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p1:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p10:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p11:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p12:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p13:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p14:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p15:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p16:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p17:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p18:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p19:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p2:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p20:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p21:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p22:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p23:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p24:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p24.1:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p25:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p26:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p27:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p28:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p29:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p3:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p30:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p31:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p32:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p33:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p34:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p35:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p36:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p37:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p38:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p39:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p4:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p40:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p5:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p6:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p7:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p8:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p9:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.9414

Критический

10 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-78

Связанные уязвимости

GHSA-fr4c-ch83-r968

CVSS3: 10

github

больше 1 года назад

BDU:2024-07279

CVSS3: 9.8

fstec

больше 1 года назад

Уязвимость службы Postjournal Service корпоративной системы управления электронной почтой Zimbra Collaboration Suite, позволяющая нарушителю выполнить произвольные команды

EPSS

Процентиль: 100%

0.9414

Критический

10 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-78