CVE-2024-45519 – Synacor Zimbra Collaboration Command Execution Vulnerability

https://notcve.org/view.php?id=CVE-2024-45519

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands. El servicio postjournal en Zimbra Collaboration (ZCS) anterior a la versión 8.8.15 parche 46, 9 anterior a la versión 9.0.0 parche 41, 10 anterior a la versión 10.0.9 y 10.1 anterior a la versión 10.1.1 a veces permite que usuarios no autenticados ejecuten comandos. Synacor Zimbra Collaboration contains an unspecified vulnerability in the postjournal service that may allow an unauthenticated user to execute commands. • https://github.com/Chocapikk/CVE-2024-45519 https://github.com/p33d/CVE-2024-45519 https://github.com/TOB1a3/CVE-2024-45519-PoC https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes https://wiki.zimbra.com/wiki&# • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-863: Incorrect Authorization •