CVE-2024-33535 (GCVE-0-2024-33535)
Vulnerability from cvelistv5 – Published: 2024-08-12 00:00 – Updated: 2025-03-19 15:58
VLAI?
Summary
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling of the packages parameter. Attackers can exploit this flaw to include arbitrary local files without authentication, potentially leading to unauthorized access to sensitive information. The vulnerability is limited to files within a specific directory.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-33535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-12T18:13:11.747339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T15:58:06.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling of the packages parameter. Attackers can exploit this flaw to include arbitrary local files without authentication, potentially leading to unauthorized access to sensitive information. The vulnerability is limited to files within a specific directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T14:57:05.961Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.8#Security_Fixes"
},
{
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P40#Security_Fixes"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-33535",
"datePublished": "2024-08-12T00:00:00.000Z",
"dateReserved": "2024-04-24T00:00:00.000Z",
"dateUpdated": "2025-03-19T15:58:06.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.0.0\", \"versionEndExcluding\": \"10.0.8\", \"matchCriteriaId\": \"A5BC091A-EE5A-4D34-9D2E-754D3C2FCA3F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"685D9652-2934-4C13-8B36-40582C79BFC1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E4DF01A-1AA9-47E8-82FD-65A02ECA1376\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDE59185-B917-4A81-8DE4-C65A079F52FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA3ED95F-95F2-4676-8EAF-B4B9EB64B260\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BB93336-CC3C-4B7F-B194-7DED036ABBAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*\", \"matchCriteriaId\": \"876F1675-F65C-4E86-ADBD-36EB8D8A997D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*\", \"matchCriteriaId\": \"2306F526-9C56-4A57-AA9B-02F2D6058C97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9EA2A61-67AA-4B7E-BC6E-80EB1363EF85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*\", \"matchCriteriaId\": \"C77A35B7-96F6-43A7-A747-C6AEEDE961E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p16:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC35882B-E709-42D8-8800-F1B734CEAFC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7A47276-F241-4A68-9458-E1481EBDC5E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:*\", \"matchCriteriaId\": \"12D0D469-6C9B-4B66-9581-DC319773238A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p20:*:*:*:*:*:*\", \"matchCriteriaId\": \"40629BEB-DF4B-4FB8-8D3D-7BAC43C90766\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p21:*:*:*:*:*:*\", \"matchCriteriaId\": \"9503131F-CC23-4545-AE9C-9714B287CC25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p24:*:*:*:*:*:*\", \"matchCriteriaId\": \"8113A4E3-AA96-4382-815D-6FD88BA42EC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC8C28E0-6C51-41EE-A7B2-DB185D1D8FD0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC19F11D-23D9-429D-A957-D67F23A40A01\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*\", \"matchCriteriaId\": \"AAFA2EE7-C965-4F27-8CAE-E607A9F202AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"C52705E6-2C6B-47BC-A0CD-F6AAE0BFC302\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p30:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD1DCE2B-D944-43AE-AD0E-9282DE6D618F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p31:*:*:*:*:*:*\", \"matchCriteriaId\": \"2079B9F8-128B-487D-A965-E8B37FDF6304\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p32:*:*:*:*:*:*\", \"matchCriteriaId\": \"9679FD62-815E-47A8-8552-D28CE48B82B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p33:*:*:*:*:*:*\", \"matchCriteriaId\": \"D659AE6A-591E-4D5B-9781-9648250F5576\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p34:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4054E3E-561C-4B1C-A615-3CCE5CB69D77\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p35:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FA0E9C4-25E4-4CD6-B88A-02B413385866\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p36:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D6F7CA3-C36A-466C-8FAD-D0B3CEF01F0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p37:*:*:*:*:*:*\", \"matchCriteriaId\": \"9684AC81-B557-4292-8402-AE55CB2E613C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p38:*:*:*:*:*:*\", \"matchCriteriaId\": \"32A352C4-0E9C-436F-ADA7-D93492A18037\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p39:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABCA8698-AB88-4A6D-BD2B-DB22AEED6536\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*\", \"matchCriteriaId\": \"33F50D8C-7027-4A8D-8E95-98C224283772\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:*\", \"matchCriteriaId\": \"82000BA4-1781-4312-A7BD-92EC94D137AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B52D301-2559-457A-8FFB-F0915299355A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*\", \"matchCriteriaId\": \"7215AE2C-8A33-4AB9-88D5-7C8CD11E806C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D859F77-8E39-4D46-BC90-C5C1D805A666\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDC810C7-45DA-4BDF-9138-2D3B2750243E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:*\", \"matchCriteriaId\": \"E09D95A4-764D-4E0B-8605-1D94FD548AB2\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling of the packages parameter. Attackers can exploit this flaw to include arbitrary local files without authentication, potentially leading to unauthorized access to sensitive information. The vulnerability is limited to files within a specific directory.\"}, {\"lang\": \"es\", \"value\": \"Se descubri\\u00f3 un problema en Zimbra Collaboration (ZCS) 9.0 y 10.0. La vulnerabilidad implica la inclusi\\u00f3n de archivos locales (LFI) no autenticados en una aplicaci\\u00f3n web, lo que afecta espec\\u00edficamente el manejo del par\\u00e1metro de paquetes. Los atacantes pueden aprovechar esta falla para incluir archivos locales arbitrarios sin autenticaci\\u00f3n, lo que podr\\u00eda conducir a un acceso no autorizado a informaci\\u00f3n confidencial. La vulnerabilidad se limita a archivos dentro de un directorio espec\\u00edfico.\"}]",
"id": "CVE-2024-33535",
"lastModified": "2024-08-14T13:18:38.770",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2024-08-12T15:15:20.570",
"references": "[{\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.8#Security_Fixes\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P40#Security_Fixes\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-33535\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-08-12T15:15:20.570\",\"lastModified\":\"2025-03-19T16:15:24.753\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling of the packages parameter. Attackers can exploit this flaw to include arbitrary local files without authentication, potentially leading to unauthorized access to sensitive information. The vulnerability is limited to files within a specific directory.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema en Zimbra Collaboration (ZCS) 9.0 y 10.0. La vulnerabilidad implica la inclusi\u00f3n de archivos locales (LFI) no autenticados en una aplicaci\u00f3n web, lo que afecta espec\u00edficamente el manejo del par\u00e1metro de paquetes. Los atacantes pueden aprovechar esta falla para incluir archivos locales arbitrarios sin autenticaci\u00f3n, lo que podr\u00eda conducir a un acceso no autorizado a informaci\u00f3n confidencial. La vulnerabilidad se limita a archivos dentro de un directorio espec\u00edfico.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.8\",\"matchCriteriaId\":\"A5BC091A-EE5A-4D34-9D2E-754D3C2FCA3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"685D9652-2934-4C13-8B36-40582C79BFC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E4DF01A-1AA9-47E8-82FD-65A02ECA1376\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDE59185-B917-4A81-8DE4-C65A079F52FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA3ED95F-95F2-4676-8EAF-B4B9EB64B260\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BB93336-CC3C-4B7F-B194-7DED036ABBAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"876F1675-F65C-4E86-ADBD-36EB8D8A997D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"2306F526-9C56-4A57-AA9B-02F2D6058C97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9EA2A61-67AA-4B7E-BC6E-80EB1363EF85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*\",\"matchCriteriaId\":\"C77A35B7-96F6-43A7-A747-C6AEEDE961E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p16:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC35882B-E709-42D8-8800-F1B734CEAFC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7A47276-F241-4A68-9458-E1481EBDC5E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"12D0D469-6C9B-4B66-9581-DC319773238A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p20:*:*:*:*:*:*\",\"matchCriteriaId\":\"40629BEB-DF4B-4FB8-8D3D-7BAC43C90766\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p21:*:*:*:*:*:*\",\"matchCriteriaId\":\"9503131F-CC23-4545-AE9C-9714B287CC25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p24:*:*:*:*:*:*\",\"matchCriteriaId\":\"8113A4E3-AA96-4382-815D-6FD88BA42EC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC8C28E0-6C51-41EE-A7B2-DB185D1D8FD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC19F11D-23D9-429D-A957-D67F23A40A01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAFA2EE7-C965-4F27-8CAE-E607A9F202AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C52705E6-2C6B-47BC-A0CD-F6AAE0BFC302\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p30:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD1DCE2B-D944-43AE-AD0E-9282DE6D618F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p31:*:*:*:*:*:*\",\"matchCriteriaId\":\"2079B9F8-128B-487D-A965-E8B37FDF6304\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p32:*:*:*:*:*:*\",\"matchCriteriaId\":\"9679FD62-815E-47A8-8552-D28CE48B82B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p33:*:*:*:*:*:*\",\"matchCriteriaId\":\"D659AE6A-591E-4D5B-9781-9648250F5576\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p34:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4054E3E-561C-4B1C-A615-3CCE5CB69D77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p35:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FA0E9C4-25E4-4CD6-B88A-02B413385866\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p36:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D6F7CA3-C36A-466C-8FAD-D0B3CEF01F0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p37:*:*:*:*:*:*\",\"matchCriteriaId\":\"9684AC81-B557-4292-8402-AE55CB2E613C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p38:*:*:*:*:*:*\",\"matchCriteriaId\":\"32A352C4-0E9C-436F-ADA7-D93492A18037\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p39:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABCA8698-AB88-4A6D-BD2B-DB22AEED6536\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"33F50D8C-7027-4A8D-8E95-98C224283772\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"82000BA4-1781-4312-A7BD-92EC94D137AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B52D301-2559-457A-8FFB-F0915299355A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"7215AE2C-8A33-4AB9-88D5-7C8CD11E806C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D859F77-8E39-4D46-BC90-C5C1D805A666\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDC810C7-45DA-4BDF-9138-2D3B2750243E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"E09D95A4-764D-4E0B-8605-1D94FD548AB2\"}]}]}],\"references\":[{\"url\":\"https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.8#Security_Fixes\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P40#Security_Fixes\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-33535\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-12T18:13:11.747339Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-12T18:13:26.686Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.8#Security_Fixes\"}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P40#Security_Fixes\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling of the packages parameter. Attackers can exploit this flaw to include arbitrary local files without authentication, potentially leading to unauthorized access to sensitive information. The vulnerability is limited to files within a specific directory.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-08-12T14:57:05.961Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-33535\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-19T15:58:06.291Z\", \"dateReserved\": \"2024-04-24T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-08-12T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…