CVE-2024-54663
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published: Dec 19, 2024
Updated: Dec 31, 2024
CWE ID 829
Summary
CVE-2024-54663 is a Local File Inclusion (LFI) vulnerability in the Webmail Classic UI of Zimbra Collaboration (ZCS) versions 9.0, 10.0, and 10.1. The flaw is in the /h/rest endpoint and allows authenticated remote attackers to access sensitive files in the WebRoot directory by sending a crafted request. Successful exploitation requires a valid authentication token.