VDB
CVE-2023-24032
CVE-2023-24032
PUBLISHED
CVSS 8.5 HIGH
In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).
EPSS 0.08% · 23.3th percentile
Risk Scores
CVSS 4.0
8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.08%
23.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| zimbra | collaboration | 8.8.15, 8.8.15, 8.8.15 |
Exploit Intelligence
Timeline
- Jun 15, 2023 CVE Published
- Jun 16, 2023 EPSS Score
- Jul 21, 2023 EPSS Score
- Aug 26, 2023 EPSS Score
- Sep 30, 2023 EPSS Score
- Nov 5, 2023 EPSS Score
- Dec 10, 2023 EPSS Score
- Jan 15, 2024 EPSS Score
- Feb 19, 2024 EPSS Score
- Mar 26, 2024 EPSS Score
- Apr 30, 2024 EPSS Score
- Jun 5, 2024 EPSS Score