7.8

CVE-2023-24032

In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZimbraCollaboration Version8.8.15 Update-
ZimbraCollaboration Version8.8.15 Updatep1
ZimbraCollaboration Version8.8.15 Updatep10
ZimbraCollaboration Version8.8.15 Updatep11
ZimbraCollaboration Version8.8.15 Updatep12
ZimbraCollaboration Version8.8.15 Updatep13
ZimbraCollaboration Version8.8.15 Updatep14
ZimbraCollaboration Version8.8.15 Updatep15
ZimbraCollaboration Version8.8.15 Updatep16
ZimbraCollaboration Version8.8.15 Updatep17
ZimbraCollaboration Version8.8.15 Updatep18
ZimbraCollaboration Version8.8.15 Updatep19
ZimbraCollaboration Version8.8.15 Updatep2
ZimbraCollaboration Version8.8.15 Updatep20
ZimbraCollaboration Version8.8.15 Updatep21
ZimbraCollaboration Version8.8.15 Updatep22
ZimbraCollaboration Version8.8.15 Updatep23
ZimbraCollaboration Version8.8.15 Updatep24
ZimbraCollaboration Version8.8.15 Updatep25
ZimbraCollaboration Version8.8.15 Updatep26
ZimbraCollaboration Version8.8.15 Updatep27
ZimbraCollaboration Version8.8.15 Updatep28
ZimbraCollaboration Version8.8.15 Updatep29
ZimbraCollaboration Version8.8.15 Updatep3
ZimbraCollaboration Version8.8.15 Updatep30
ZimbraCollaboration Version8.8.15 Updatep31
ZimbraCollaboration Version8.8.15 Updatep32
ZimbraCollaboration Version8.8.15 Updatep33
ZimbraCollaboration Version8.8.15 Updatep34
ZimbraCollaboration Version8.8.15 Updatep35
ZimbraCollaboration Version8.8.15 Updatep4
ZimbraCollaboration Version8.8.15 Updatep5
ZimbraCollaboration Version8.8.15 Updatep6
ZimbraCollaboration Version8.8.15 Updatep7
ZimbraCollaboration Version8.8.15 Updatep8
ZimbraCollaboration Version8.8.15 Updatep9
ZimbraCollaboration Version9.0.0 Update-
ZimbraCollaboration Version9.0.0 Updatep0
ZimbraCollaboration Version9.0.0 Updatep1
ZimbraCollaboration Version9.0.0 Updatep10
ZimbraCollaboration Version9.0.0 Updatep11
ZimbraCollaboration Version9.0.0 Updatep12
ZimbraCollaboration Version9.0.0 Updatep13
ZimbraCollaboration Version9.0.0 Updatep14
ZimbraCollaboration Version9.0.0 Updatep15
ZimbraCollaboration Version9.0.0 Updatep19
ZimbraCollaboration Version9.0.0 Updatep2
ZimbraCollaboration Version9.0.0 Updatep23
ZimbraCollaboration Version9.0.0 Updatep25
ZimbraCollaboration Version9.0.0 Updatep26
ZimbraCollaboration Version9.0.0 Updatep27
ZimbraCollaboration Version9.0.0 Updatep3
ZimbraCollaboration Version9.0.0 Updatep33
ZimbraCollaboration Version9.0.0 Updatep4
ZimbraCollaboration Version9.0.0 Updatep5
ZimbraCollaboration Version9.0.0 Updatep6
ZimbraCollaboration Version9.0.0 Updatep7
ZimbraCollaboration Version9.0.0 Updatep7.1
ZimbraCollaboration Version9.0.0 Updatep8
ZimbraCollaboration Version9.0.0 Updatep9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.07% 0.217
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.