CVE-2024-54663

CVSS 3.1 Score 7.5 of 10 (high)

Attack Complexity low

Confidentiality high

Integrity none

Availability none

Scope unchanged

Privileges Required none

Details

Published Dec 19, 2024

Updated: Dec 31, 2024

CWE ID 829

Summary

CVE-2024-54663 is a Local File Inclusion (LFI) vulnerability affecting Zimbra Collaboration (ZCS) versions 9.0, 10.0, and 10.1 in the Webmail Classic UI. This issue is located in the /h/rest endpoint, enabling authenticated remote attackers to access sensitive files in the WebRoot directory by crafting a malicious request. Successful exploitation necessitates a valid authentication token.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1OWcCa
https://www.cve.org/CVERecord?id=CVE-2024-54663
https://nvd.nist.gov/vuln/detail/CVE-2024-54663

Back to Vulnerability Database

CVE-2024-54663

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations