Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2024-33535
HistoryAug 12, 2024 - 3:15 p.m.

CVE-2024-33535

2024-08-1215:15:20
CWE-22
[email protected]
web.nvd.nist.gov
6
zimbra collaboration
unauthenticated access
local file inclusion

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

39.1%

JSON

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling of the packages parameter. Attackers can exploit this flaw to include arbitrary local files without authentication, potentially leading to unauthorized access to sensitive information. The vulnerability is limited to files within a specific directory.

Affected configurations

Nvd
Node
zimbracollaborationRange10.0.010.0.8
OR
zimbracollaborationMatch9.0.0-
OR
zimbracollaborationMatch9.0.0p0
OR
zimbracollaborationMatch9.0.0p1
OR
zimbracollaborationMatch9.0.0p10
OR
zimbracollaborationMatch9.0.0p11
OR
zimbracollaborationMatch9.0.0p12
OR
zimbracollaborationMatch9.0.0p13
OR
zimbracollaborationMatch9.0.0p14
OR
zimbracollaborationMatch9.0.0p15
OR
zimbracollaborationMatch9.0.0p16
OR
zimbracollaborationMatch9.0.0p19
OR
zimbracollaborationMatch9.0.0p2
OR
zimbracollaborationMatch9.0.0p20
OR
zimbracollaborationMatch9.0.0p21
OR
zimbracollaborationMatch9.0.0p23
OR
zimbracollaborationMatch9.0.0p24
OR
zimbracollaborationMatch9.0.0p24.1
OR
zimbracollaborationMatch9.0.0p25
OR
zimbracollaborationMatch9.0.0p26
OR
zimbracollaborationMatch9.0.0p27
OR
zimbracollaborationMatch9.0.0p3
OR
zimbracollaborationMatch9.0.0p30
OR
zimbracollaborationMatch9.0.0p31
OR
zimbracollaborationMatch9.0.0p32
OR
zimbracollaborationMatch9.0.0p33
OR
zimbracollaborationMatch9.0.0p34
OR
zimbracollaborationMatch9.0.0p35
OR
zimbracollaborationMatch9.0.0p36
OR
zimbracollaborationMatch9.0.0p37
OR
zimbracollaborationMatch9.0.0p38
OR
zimbracollaborationMatch9.0.0p39
OR
zimbracollaborationMatch9.0.0p4
OR
zimbracollaborationMatch9.0.0p5
OR
zimbracollaborationMatch9.0.0p6
OR
zimbracollaborationMatch9.0.0p7
OR
zimbracollaborationMatch9.0.0p7.1
OR
zimbracollaborationMatch9.0.0p8
OR
zimbracollaborationMatch9.0.0p9
VendorProductVersionCPE
zimbracollaboration*cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*
Rows per page:
1-10 of 391

Related

cvelist 1
vulnrichment 1
cve 1
cvelist
cvelist
CVE-2024-33535
2024-08-12 00:00:00
vulnrichment
vulnrichment
CVE-2024-33535
2024-08-12 00:00:00
cve
cve
CVE-2024-33535
2024-08-12 15:15:20

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

39.1%

JSON
Related for NVD:CVE-2024-33535
cvelist1vulnrichment1cve1