An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling of the packages parameter. Attackers can exploit this flaw to include arbitrary local files without authentication, potentially leading to unauthorized access to sensitive information. The vulnerability is limited to files within a specific directory.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Zimbra |
|
Configuration 1 [-]
|
No data.
References
History
Wed, 14 Aug 2024 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p16:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p20:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p21:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p24:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p30:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p31:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p32:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p33:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p34:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p35:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p36:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p37:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p38:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p39:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:* |
Tue, 13 Aug 2024 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Zimbra
Zimbra collaboration |
|
| Weaknesses | CWE-22 | |
| CPEs | cpe:2.3:a:zimbra:collaboration:10.0.0:*:*:*:*:*:*:* cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:* |
|
| Vendors & Products |
Zimbra
Zimbra collaboration |
|
| Metrics |
cvssV3_1
|
Mon, 12 Aug 2024 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 12 Aug 2024 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling of the packages parameter. Attackers can exploit this flaw to include arbitrary local files without authentication, potentially leading to unauthorized access to sensitive information. The vulnerability is limited to files within a specific directory. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-08-12T00:00:00
Updated: 2024-08-12T18:13:34.376Z
Reserved: 2024-04-24T00:00:00
Link: CVE-2024-33535
Vulnrichment
Updated: 2024-08-12T18:13:26.686Z
NVD
Status : Analyzed
Published: 2024-08-12T15:15:20.570
Modified: 2024-08-14T13:18:38.770
Link: CVE-2024-33535
Redhat
No data.