Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-54663

Dec. 19, 2024, 11:15 p.m.

Tags

cve@mitre.org
2024-12-19
CVE-2024-54663

Product(s) Impacted

Zimbra Collaboration

  • 9.0
  • 10.0
  • 10.1

Description

An issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Local File Inclusion (LFI) vulnerability exists in the /h/rest endpoint, allowing authenticated remote attackers to include and access sensitive files in the WebRoot directory. Exploitation requires a valid auth token and involves crafting a malicious request targeting specific file paths.

Weaknesses

Date

Published: Dec. 19, 2024, 11:15 p.m.

Last Modified: Dec. 19, 2024, 11:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

References

https://wiki.zimbra.com/ cve@mitre.org
https://wiki.zimbra.com/ cve@mitre.org