Security News > 2024 > October > Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)
Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations. Proofpoint’s threat researchers say that the attacks started on September 28 – several weeks after Zimbra developers released patches for CVE-2024-45519 and other flaws, and a day after ProjectDiscovery’s analysts published a detailed technical write-up about the vulnerability and a PoC exploit to demonstrate the potential for local exploitation. Other researchers have published PoCs on GitHub … More → The post Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/10/02/cve-2024-45519-exploited/
Related news
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356) (source)
- Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)
- Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers (source)
- Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability (source)
- Veeam warns of critical RCE bug in Service Provider Console (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-02 | CVE-2024-45519 | Unspecified vulnerability in Zimbra Collaboration The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands. | 9.8 |