Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2024-45519
PUBLISHEDThe postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1...
- Vendor
- Zimbra
- Product
- Zimbra Collaboration
- Published
- Oct 02, 2024
- EPSS
- —
Description
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.
CVSS scores
CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N
SSVC decision points
- Exploitation
- active
- Automatable
- Yes
- Technical impact
- total
References
- https://wiki.zimbra.com/wiki/Security_Center
- https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
- https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes
- https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes
- https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Oct 03, 2024 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/javascript/cves/2024/CVE-2024-45519.yaml | Apr 25, 2025 |
| Nessus | https://www.tenable.com/plugins/nessus/208035 | Oct 02, 2024 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2024-10-05 00:15:18 UTC · 122 stars
Zimbra - Remote Command Execution (CVE-2024-45519)
github · Created 2024-09-28 08:29:06 UTC · 42 stars
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Detected by Nessus
-
Added to KEVIntel
-
Proof of Concept Exploit Available
-
Detected by Nuclei