Critical Vulnerability in Zimbra Collaboration Suite (ZCS)
4 October 2024
Zimbra has released security updates addressing a critical vulnerability (CVE-2024-45519) affecting Zimbra's postjournal service. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.
Successful exploitation of the command injection vulnerability can lead to remote code execution (RCE) on Zimbra servers, allowing attackers to execute arbitrary commands and install webshells for persistent backdoor access.
The vulnerability affects the following products:
Zimbra Collaboration Suite version 8.8.15 before Patch 46
Zimbra Collaboration Suite version 9.0.0 before Patch 41
Zimbra Collaboration Suite version 10 before 10.0.9
Zimbra Collaboration Suite version 10.1 before 10.1.1
Users and administrators of affected product versions are advised to update to the latest version immediately.
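To help prioritise patching across several servers, the following added example (not part of the original advisory or Zimbra's own tooling) classifies version banners against the fixed levels listed above. The banner layout, hostnames and build strings are assumptions constructed for illustration; adapt the regular expressions to the version string your servers actually report.

```python
import re

# Fixed levels copied from the advisory's affected-products list.
FIXED_PATCH = {(8, 8, 15): 46, (9, 0, 0): 41}               # fixed by patch number
FIXED_RELEASE = {(10, 0): (10, 0, 9), (10, 1): (10, 1, 1)}  # fixed by release

# Assumed banner layout: "Release X.Y.Z... , Patch X.Y.Z_Pnn."
RELEASE_RE = re.compile(r"Release\s+(\d+)\.(\d+)\.(\d+)")
PATCH_RE = re.compile(r"Patch\s+\d+\.\d+\.\d+_P(\d+)")


def classify(banner):
    """Return 'affected', 'fixed' or 'unknown' for one version banner."""
    m = RELEASE_RE.search(banner)
    if not m:
        return "unknown"
    release = tuple(int(part) for part in m.groups())
    if release in FIXED_PATCH:
        p = PATCH_RE.search(banner)
        patch = int(p.group(1)) if p else 0  # no patch reported: treat as unpatched
        return "affected" if patch < FIXED_PATCH[release] else "fixed"
    fixed = FIXED_RELEASE.get(release[:2])
    if fixed is not None:
        return "affected" if release < fixed else "fixed"
    return "unknown"  # release line not covered by the advisory: review by hand


def triage(inventory):
    """Group hostnames by classify() result."""
    groups = {"affected": [], "fixed": [], "unknown": []}
    for host, banner in inventory.items():
        groups[classify(banner)].append(host)
    return {status: sorted(hosts) for status, hosts in groups.items()}


# Constructed sample inventory (hostnames and build strings are made up).
SAMPLE = {
    "mail1.example.org": "Release 8.8.15.GA.0000.EXAMPLE_64 FOSS edition, Patch 8.8.15_P45.",
    "mail2.example.org": "Release 8.8.15.GA.0000.EXAMPLE_64 FOSS edition, Patch 8.8.15_P46.",
    "mail3.example.org": "Release 9.0.0.GA.0000.EXAMPLE_64 NETWORK edition.",
    "mail4.example.org": "Release 10.0.9.GA.0000.EXAMPLE_64 FOSS edition.",
    "mail5.example.org": "Release 10.1.0.GA.0000.EXAMPLE_64 FOSS edition.",
    "mail6.example.org": "Release 8.7.11.GA.0000.EXAMPLE_64 FOSS edition.",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(status, hosts)
```

Hosts reported as "unknown" run a release line the advisory does not list and need manual review rather than being assumed safe.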
More information is available here:
https://wiki.zimbra.com/wiki/Security_Center
https://nvd.nist.gov/vuln/detail/CVE-2024-45519
https://www.helpnetsecurity.com/2024/10/02/cve-2024-45519-exploited/
https://thehackernews.com/2024/10/researchers-sound-alarm-on-active.html