Synacor Zimbra Collaboration Command Execution Vulnerability (CVE-2024-45519)

Published: Oct 12, 2024 08:51

Advisory No: TZCERT-SA-24-0032

Source: FortiGuard

Software Affected: Postjournal

Overview

Zimbra is affected by a critical vulnerability. A remote attacker can exploit it to execute arbitrary code.

Description

Zimbra systems running Postjournal are affected by a critical vulnerability, tracked as CVE-2024-45519 with a CVSS base score of 9.8, in the postjournal service used for recording email communications. This OS command injection flaw can be exploited without authentication, and successful exploitation can lead to unauthorized access, privilege escalation, and potential compromise of the affected system's integrity and confidentiality.

Impact

Successful exploitation of this vulnerability may allow the attacker to take control of the affected system.

Solution

Zimbra has released a security patch for this vulnerability. Users and administrators are encouraged to apply the necessary updates.
