CVE-2023-24032 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-24032 PUBLISHED CVSS 8.5 HIGH

In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).

EPSS 0.08% · 22.9th percentile

Risk Scores

CVSS v4.0

8.5

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS Score

0.08%

22.9th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	*
zimbra	collaboration	8.8.15, 8.8.15, 8.8.15

Timeline

Jun 15, 2023 CVE Published
Jun 16, 2023 EPSS Score
Jul 21, 2023 EPSS Score
Aug 25, 2023 EPSS Score
Sep 29, 2023 EPSS Score
Nov 3, 2023 EPSS Score
Dec 7, 2023 EPSS Score
Jan 11, 2024 EPSS Score
Feb 15, 2024 EPSS Score
Mar 21, 2024 EPSS Score
Apr 25, 2024 EPSS Score
May 30, 2024 EPSS Score

References

Open in Interactive Console →