DIVD-2024-00040 - Zimbra Collaboration (ZCS) vulnerable for RCE under specific conditions
Field | Value |
---|---|
Our reference | DIVD-2024-00040 |
Case lead | Oscar Vlugt |
Researcher(s) | |
CVE(s) | CVE-2024-45519 |
Products | Zimbra Collaboration (ZCS) |
Versions | ZCS before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, 10.1 before 10.1.1 |
Recommendation | Update to a non-vulnerable version |
Patch status | Patch available |
Workaround | None |
Status | Open |
Last modified | 08 Oct 2024 12:26 CEST |
Summary
Zimbra, a widely used email and collaboration platform, recently released a critical security update addressing a severe vulnerability in its postjournal service. The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.
Recommendations
To remediate CVE-2024-45519, apply the updates listed at the Zimbra Security Center. A link to the Zimbra Security Center is provided at the bottom of this post.
What we are doing
DIVD is currently working to identify parties that are running a vulnerable version of Zimbra Collaboration (ZCS) and to notify these parties. We do this by looking at version numbers where an instance exposes them. Although our fingerprinting cannot confirm whether an instance is vulnerable under the specific conditions, we want to warn parties that they should upgrade or patch if their instance falls within the affected version ranges.
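The version-based check described above, written out as an added example for defenders doing their own inventory triage; this is not DIVD's fingerprinting code. It encodes only the four version ranges stated in this advisory. The banner format it parses ("major.minor.micro", optionally followed by "Patch N" or "pN"), the hostnames and the inventory entries are assumptions constructed for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int, int]  # (major, minor, micro, patch level)

# First fixed release per branch, taken from the advisory text for CVE-2024-45519:
# ZCS before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, 10.1 before 10.1.1.
# Branches are keyed by major version for 8 and 9 and by (major, minor) for 10.x.
FIXED_BY_BRANCH: Dict[Tuple[int, ...], Version] = {
    (8,): (8, 8, 15, 46),
    (9,): (9, 0, 0, 41),
    (10, 0): (10, 0, 9, 0),
    (10, 1): (10, 1, 1, 0),
}

# Assumed banner shape: "major.minor.micro" optionally followed by "Patch N" / "pN"
# (e.g. "8.8.15 Patch 45", "9.0.0p41", "10.0.8"). Other trailing text is ignored.
_VERSION_RE = re.compile(
    r"(\d+)\.(\d+)\.(\d+)(?:.*?(?:patch|p)\s*(\d+))?", re.IGNORECASE
)


def parse_version(banner: str) -> Optional[Version]:
    """Extract (major, minor, micro, patch) from a version banner; None if unparseable."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, micro = (int(m.group(i)) for i in (1, 2, 3))
    patch = int(m.group(4)) if m.group(4) else 0
    return (major, minor, micro, patch)


def branch_of(version: Version) -> Tuple[int, ...]:
    """Map a version to the branch key used in FIXED_BY_BRANCH."""
    major, minor = version[0], version[1]
    return (major,) if major in (8, 9) else (major, minor)


def is_vulnerable(version: Version) -> Optional[bool]:
    """True if the version is below the first fixed release of its branch,
    False if it is at or above it, None if the advisory does not cover the branch."""
    fixed = FIXED_BY_BRANCH.get(branch_of(version))
    if fixed is None:
        return None
    return version < fixed  # tuple comparison: major, minor, micro, then patch level


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, str]:
    """Classify each (host, banner) pair. A 'vulnerable' verdict means the host runs an
    affected version; as the advisory notes, the version alone cannot confirm that the
    specific exploitation conditions are met, so treat it as an 'upgrade now' signal."""
    verdicts: Dict[str, str] = {}
    for host, banner in inventory:
        version = parse_version(banner)
        if version is None:
            verdicts[host] = "unparseable"
            continue
        status = is_vulnerable(version)
        if status is None:
            verdicts[host] = "unknown-branch"
        else:
            verdicts[host] = "vulnerable" if status else "patched"
    return verdicts


# Constructed sample inventory (hostnames and banners are made up for this example).
INVENTORY: List[Tuple[str, str]] = [
    ("mail-a.example.test", "8.8.15 Patch 45"),
    ("mail-b.example.test", "9.0.0 Patch 41"),
    ("mail-c.example.test", "10.0.8"),
    ("mail-d.example.test", "10.1.1"),
    ("mail-e.example.test", "10.2.0"),
    ("mail-f.example.test", "no version exposed"),
]

if __name__ == "__main__":
    for host, verdict in triage(INVENTORY).items():
        print(f"{host:22} {verdict}")
```

Branches the advisory does not name (for example 10.2.x in the sample) are reported as "unknown-branch" rather than "patched", so the script never silently clears a host the advisory says nothing about; hosts that expose no version at all are reported separately so they can be checked by hand.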
Timeline
Date | Description |
---|---|
25 Sep 2024 | DIVD starts researching the vulnerability. |
06 Oct 2024 | DIVD finds a fingerprint and prepares to scan. |
08 Oct 2024 | Case opened and first scan started. |
More information
- CVE-2024-45519
- National Vulnerability Database for CVE-2024-45519
- Zimbra Security Center
- Project Discovery analysis