Unauthorized Access to Sensitive Information via Local File Inclusion Vulnerability
CVE-2024-33535

7.5HIGH

Key Information:

Vendor: Zimbra
Status: Collaboration
Vendor: CVE Published:; 12 August 2024

What is CVE-2024-33535?

A security vulnerability exists in Zimbra Collaboration, specifically in versions 9.0 and 10.0, where an unauthenticated local file inclusion (LFI) flaw can be exploited through the web application's handling of the packages parameter. This weakness allows attackers to include arbitrary local files without requiring authentication, potentially leading to unauthorized access and exposure of sensitive information stored on the server. The vulnerability is confined to files located within a specific directory, highlighting the importance of monitoring and securing file access permissions in the affected versions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.8#Secur...

https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P40#Se...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 12, 2024
Vulnerability Reserved
Apr 24, 2024

JSON

Zimbra

What is CVE-2024-33535?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.