CVE-2024-45519

CVE Database · CVE-2024-45519

CVE-2024-45519

· CRITICALAnalyzed

CVSS v3.1

10.0

EPSS

99.98%

Published

Oct 2, 2024

Modified

Nov 4, 2025

CISA Known Exploited Vulnerability

Added: 2024-10-03 · Due: 2024-10-24

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (4)

All weaponized →

TrickestTrickest PoC index GitHub PoCChocapikk/CVE-2024-45519★138 GitHub PoCp33d/CVE-2024-45519★42 GitHub PoCsec13b/CVE-2024-45519★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Weaknesses (CWE)

CWE-78

Affected Products (92)

synacor · zimbra_collaboration_suite (up to 8.8.15)vulnerable

synacor · zimbra_collaboration_suite (up to 10.0.9)vulnerable

synacor · zimbra_collaboration_suitevulnerable

References (8)

https://wiki.zimbra.com/wiki/Security_Center

Release Notes

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes

Release Notes

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes

Release Notes

https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes

Release Notes

https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes

Release Notes

https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy

Not Applicable

https://blog.projectdiscovery.io/zimbra-remote-code-execution/

KEV Catalog EPSS Scores Vendors All CVEs

synacor · zimbra_collaboration_suite

synacor · zimbra_collaboration_suitevulnerable