CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-33535

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling of the packages parameter. Attackers can exploit this flaw to include arbitrary local files without authentication, potentially leading to unauthorized access to sensitive information. The vulnerability is limited to files within a specific directory.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 56.7%

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2024-33535

Zimbra » Collaboration » Version: 10.0.0

cpe:2.3:a:zimbra:collaboration:10.0.0
Zimbra » Collaboration » Version: 10.0.1

cpe:2.3:a:zimbra:collaboration:10.0.1
Zimbra » Collaboration » Version: 10.0.2

cpe:2.3:a:zimbra:collaboration:10.0.2
Zimbra » Collaboration » Version: 10.0.3

cpe:2.3:a:zimbra:collaboration:10.0.3
Zimbra » Collaboration » Version: 10.0.4

cpe:2.3:a:zimbra:collaboration:10.0.4
Zimbra » Collaboration » Version: 10.0.5

cpe:2.3:a:zimbra:collaboration:10.0.5
Zimbra » Collaboration » Version: 10.0.6

cpe:2.3:a:zimbra:collaboration:10.0.6
Zimbra » Collaboration » Version: 10.0.7

cpe:2.3:a:zimbra:collaboration:10.0.7
Zimbra » Collaboration » Version: 9.0.0

cpe:2.3:a:zimbra:collaboration:9.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-33535

Products

Pricing

Contact Us