CVE-2024-33535

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 12, 2024
Updated: Aug 14, 2024
CWE ID 22

Summary

CVE-2024-33535 is a newly disclosed vulnerability affecting Zimbra Collaboration Software versions 9.0 and 10.0. This issue permits unauthenticated attackers to perform Local File Inclusion (LFI) attacks by exploiting a weakness in the web application's handling of the packages parameter. The vulnerability allows attackers to include arbitrary local files, increasing the risk of unauthorized access to sensitive information. It is essential to note that the vulnerability is restricted to files within a specific directory, limiting the potential impact.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Zimbra Collaboration Suite

Affected Vendors

  • Zimbra