Back

CVE-2024-33535

Aug. 12, 2024, 6:57 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Zimbra Collaboration

  • 9.0
  • 10.0

Source

cve@mitre.org

Tags

cve@mitre.org
2024-08-12
CVE-2024-33535

CVE-2024-33535 details

Published : Aug. 12, 2024, 3:15 p.m.
Last Modified : Aug. 12, 2024, 6:57 p.m.

Description

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling of the packages parameter. Attackers can exploit this flaw to include arbitrary local files without authentication, potentially leading to unauthorized access to sensitive information. The vulnerability is limited to files within a specific directory.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.8#Security_Fixes cve@mitre.org
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P40#Security_Fixes cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.