CVE-2024-33535
CVE-2024-33535 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling of the packages parameter. EPSS estimates a 0.55% chance of exploitation in the next 30 days.
Description
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling of the packages parameter. Attackers can exploit this flaw to include arbitrary local files without authentication, potentially leading to unauthorized access to sensitive information. The vulnerability is limited to files within a specific directory.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zimbra | Collaboration | >= 10.0.0, < 10.0.8 |
| Zimbra | Collaboration | 9.0.0 |
Source: NVD / NIST
