PT-2023-2845 · Zimbra · Zimbra Collaboration Suite

Ali Dinifar · Published 2023-02-21 · Updated 2023-06-27 · CVE-2023-24032

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite versions 8.8.15 through 9.0

Description: The issue in Zimbra Collaboration Suite stems from the way the mailbox manager handles certain JVM arguments. An attacker with initial user access to a Zimbra server instance can exploit it to escalate privileges locally (LPE) and execute commands as root. Exploitation of this issue may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations: For Zimbra Collaboration Suite versions 8.8.15 through 9.0, consider disabling the use of JVM arguments in the mailbox manager as a temporary workaround until a patch is available. Restrict access to the mailbox manager to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Tags: LPE · Command Injection

Weakness Enumeration

Related Identifiers: BDU:2023-02790, CVE-2023-24032

Affected Products: Zimbra Collaboration Suite