PT-2024-6328 · Zimbra · Zimbra Collaboration

Published: 2024-09-04 · Updated: 2026-02-03 · CVE-2024-45519

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Zimbra Collaboration versions prior to 8.8.15 Patch 46
Zimbra Collaboration versions 9 prior to 9.0.0 Patch 41
Zimbra Collaboration versions 10 prior to 10.0.9
Zimbra Collaboration versions 10.1 prior to 10.1.1
Description

The postjournal service in Zimbra Collaboration (an optional component that is not enabled by default) passes address data taken from inbound SMTP traffic to a shell without sanitizing it. A remote, unauthenticated attacker can therefore inject and execute arbitrary OS commands on the affected server (OS command injection). The issue is actively exploited in the wild: threat actors send crafted emails whose address fields carry the injected command, so that delivery of the message itself triggers execution. Successful exploitation gives the attacker code execution and unauthorized access to the mail server. At the time of publication, over 19,000 Internet-exposed Zimbra installations were reported to be vulnerable.
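The pattern behind this flaw, shown as an added Python example (this is not Zimbra's code; postjournal is a native binary, and `printf` stands in for whatever command the service runs): an address taken from inbound mail is spliced into a command string that a shell parses, next to the hardened form that validates the address and passes it as a single argv element. The address allowlist regex is this example's own assumption, deliberately stricter than RFC 5321.

```python
import re
import subprocess

# Conservative allowlist for an SMTP address (example assumption): common
# unquoted local-part characters, '@', then a dotted hostname. Shell
# metacharacters such as ';', '|', '`', '$', '(' are rejected outright
# rather than escaped.
ADDRESS_RE = re.compile(r"^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}$")


def vulnerable_journal(addr: str) -> str:
    """Unsafe pattern: the address is interpolated into a command string and
    handed to /bin/sh, so anything after ';' runs as a second command."""
    cmd = f"printf '%s\\n' {addr}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def hardened_journal(addr: str) -> str:
    """Safe pattern: reject anything outside the allowlist, then pass the
    address as one argv element so no shell ever interprets it."""
    if not ADDRESS_RE.fullmatch(addr):
        raise ValueError(f"rejected address: {addr!r}")
    return subprocess.run(["printf", "%s\n", addr],
                          capture_output=True, text=True).stdout


def demo(addr: str) -> dict:
    """Run the same address through both paths and report what each did."""
    out = {"vulnerable": vulnerable_journal(addr)}
    try:
        out["hardened"] = hardened_journal(addr)
    except ValueError as exc:
        out["hardened"] = f"rejected: {exc}"
    return out


if __name__ == "__main__":
    # Constructed payload: a valid-looking recipient followed by a second command.
    PAYLOAD = "victim@example.com; echo INJECTED"
    for label, addr in (("clean", "alice@example.com"), ("payload", PAYLOAD)):
        result = demo(addr)
        print(f"[{label}] vulnerable -> {result['vulnerable']!r}")
        print(f"[{label}] hardened   -> {result['hardened']!r}")
```

With the payload, the vulnerable path prints the address and then `INJECTED` on its own line, proving the shell ran the trailing command; the hardened path refuses the address before any process is spawned. Escaping the address for the shell would also work, but an allowlist plus argv removes the shell from the picture entirely, which is the fix a reviewer should insist on.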
Recommendations

For Zimbra Collaboration versions prior to 8.8.15 Patch 46, update to 8.8.15 Patch 46 or later.
For Zimbra Collaboration versions 9 prior to 9.0.0 Patch 41, update to 9.0.0 Patch 41 or later.
For Zimbra Collaboration versions 10 prior to 10.0.9, update to 10.0.9 or later.
For Zimbra Collaboration versions 10.1 prior to 10.1.1, update to 10.1.1 or later.

Fixed builds are available for all four branches. If an installation cannot be patched immediately, disable the postjournal service (it is optional and not enabled by default) and, as Zimbra recommends, make sure the Postfix mynetworks parameter lists only trusted hosts. Treat any server that was exposed with postjournal enabled as potentially compromised and review it for signs of exploitation.
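A fleet-triage helper, added here as an example that is not part of the advisory or of Zimbra's tooling: it parses the version line `zmcontrol -v` prints on each server and compares it against the fixed versions listed above. The sample lines are constructed in the shape of that output (`Release <major>.<minor>.<micro>.GA...` with an optional `Patch x.y.z_Pn` suffix); that shape is an assumption of this example. It answers only "is this build below the fix", not whether postjournal is actually enabled on the host.

```python
import re

# Fixed versions from the advisory. 8.8.15 and 9.0.0 are fixed by a patch
# level on an existing release; the 10.x branches by a new point release.
FIXED = {
    "8.8.15": "8.8.15 Patch 46",
    "9.0.0": "9.0.0 Patch 41",
    "10.0": "10.0.9",
    "10.1": "10.1.1",
}

RELEASE_RE = re.compile(r"Release (\d+)\.(\d+)\.(\d+)")
PATCH_RE = re.compile(r"Patch \d+\.\d+\.\d+_P(\d+)")


def parse_zmcontrol(line):
    """Return ((major, minor, micro), patch) from a 'zmcontrol -v' style line.
    Patch level defaults to 0 when no 'Patch x.y.z_Pn' suffix is present."""
    m = RELEASE_RE.search(line)
    if not m:
        raise ValueError(f"no release string in: {line!r}")
    release = tuple(int(x) for x in m.groups())
    p = PATCH_RE.search(line)
    patch = int(p.group(1)) if p else 0
    return release, patch


def fix_needed(release, patch):
    """Return the version to move to, or None if the build is at or past the fix."""
    major, minor, micro = release
    if major < 8:
        return FIXED["8.8.15"]            # everything before 8.8.15 P46 is affected
    if major == 8:
        affected = release < (8, 8, 15) or (release == (8, 8, 15) and patch < 46)
        return FIXED["8.8.15"] if affected else None
    if major == 9:
        return FIXED["9.0.0"] if release == (9, 0, 0) and patch < 41 else None
    if (major, minor) == (10, 0):
        return FIXED["10.0"] if micro < 9 else None
    if (major, minor) == (10, 1):
        return FIXED["10.1"] if micro < 1 else None
    return None                           # later branches are outside the affected ranges


def triage(inventory):
    """Map host -> fixed version to install (or None) from per-host zmcontrol lines."""
    return {host: fix_needed(*parse_zmcontrol(line)) for host, line in inventory.items()}


# Constructed sample inventory, one 'zmcontrol -v' line per host.
SAMPLES = {
    "mta-01": "Release 8.8.15.GA.3869.UBUNTU18.64 UBUNTU18_64 FOSS edition, Patch 8.8.15_P45.",
    "mta-02": "Release 9.0.0.GA.4258.UBUNTU20.64 UBUNTU20_64 NETWORK edition, Patch 9.0.0_P41.",
    "mta-03": "Release 10.0.8.GA.4525.UBUNTU22.64 UBUNTU22_64 FOSS edition.",
    "mta-04": "Release 10.1.1.GA.4758.UBUNTU22.64 UBUNTU22_64 FOSS edition.",
}

if __name__ == "__main__":
    for host, target in triage(SAMPLES).items():
        status = f"update to {target}" if target else "at or past fix"
        print(f"{host}: {status}")
```

Note that for 8.8.15 and 9.0.0 a missing `Patch` suffix means patch level 0, so an unpatched GA build is correctly reported as affected rather than silently passing.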

Exploit

Fix

RCE

OS Command Injection


Weakness Enumeration

Related Identifiers

BDU:2024-07279
CVE-2024-45519
ZIMBRA_CVE_2024_45519

Affected Products

Zimbra Collaboration