CVE-2024-33535

Summary

CVE-2024-33535 is a newly disclosed vulnerability affecting Zimbra Collaboration Software versions 9.0 and 10.0. This issue permits unauthenticated attackers to perform Local File Inclusion (LFI) attacks by exploiting a weakness in the web application's handling of the packages parameter. The vulnerability allows attackers to include arbitrary local files, increasing the risk of unauthorized access to sensitive information. It is essential to note that the vulnerability is restricted to files within a specific directory, limiting the potential impact.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.