CVE-2024-45519

CRITICAL KEV NUCLEI

Zimbra Collaboration <8.8.15-9.0.0-10.0.9-10.1.1 - Command Injection

Description

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.

Exploits (6)

nomisec WORKING POC 134 stars
by Chocapikk · remote
https://github.com/Chocapikk/CVE-2024-45519
nomisec WORKING POC 42 stars
by p33d · remote
https://github.com/p33d/CVE-2024-45519
nomisec WORKING POC
by sec13b · remote
https://github.com/sec13b/CVE-2024-45519

Nuclei Templates (1)

Zimbra Collaboration Suite < 9.0.0 - Remote Code Execution
CRITICAL by pdresearch, iamnoooob, parthmalhotra, ice3man543
Shodan: http.title:"zimbra collaboration suite" || http.title:"zimbra web client sign in" || http.favicon.hash:1624375939
FOFA: title="zimbra web client sign in" || title="zimbra collaboration suite"

Scores

CVSS v3 10.0
EPSS 0.9414
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CISA KEV 2024-10-03
VulnCheck KEV 2024-10-01
InTheWild.io 2024-10-03
ENISA EUVD EUVD-2024-41520
CWE CWE-78
Status published
Products (2)
synacor/zimbra_collaboration_suite 8.8.15 (47 CPE variants)
synacor/zimbra_collaboration_suite 9.0.0 (3 CPE variants)
Published Oct 02, 2024
KEV Added Oct 03, 2024
Tracked Since Feb 18, 2026