Published On: Oct 12, 2024 08:51
Advisory No: TZCERT-SA-24-0032
Source: FortiGuard
Software Affected: Postjournal
Zimbra is affected by a critical vulnerability. A remote attacker can exploit the vulnerability to execute arbitrary code.
Zimbra systems running Postjournal are affected by a critical vulnerability tracked as CVE-2024-45519, with a CVSS base score of 9.8. The vulnerability is in the postjournal service, which is used for recording email communications. This OS command injection flaw can be exploited without authentication, and successful exploitation can lead to unauthorized access, privilege escalation, and potential compromise of the affected system's integrity and confidentiality.
Successful exploitation of this vulnerability may allow the attacker to take control of the affected system.
Zimbra has released a security patch for this vulnerability. Users and administrators are encouraged to apply the necessary updates.