Imechapishwa: Oct 12, 2024 08:51
Advisory No: TZCERT-SA-24-0032
Source: FortiGuard
Software Affected: Postjournal
Zimbra is vulnerable to a critical vulnerability. A remote attacker can exploit the vulnerability to execute arbitrary code.
Zimbra systems running Postjournal are vulnerable to a critical vulnerability tracked CVE-2024-45519 as with CVSS base score 9.8. vulnerability in the postjournal service used for recording email communications. This OS command injection flaw can be exploited without authentication and successful exploitation can lead to unauthorized access, privilege escalation, and potential compromise of the affected system's integrity and confidentiality.
Successful exploitation of this vulnerability may allow the attacker to take control of the affected system.
Zimbra has released a security patch for this vulnerability. Users and administrators are encouraged to apply necessary updates.
A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.