VDB

CVE-2023-24032

CVE-2023-24032 PUBLISHED CVSS 8.5 HIGH

In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).

EPSS 0.08% · 23.3th percentile

Risk Scores

CVSS 4.0
8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.08%
23.3th percentile

Affected Products

VendorProductVersions
n/an/a*
zimbracollaboration8.8.15, 8.8.15, 8.8.15

Timeline

  • Jun 15, 2023 CVE Published
  • Jun 16, 2023 EPSS Score
  • Jul 21, 2023 EPSS Score
  • Aug 26, 2023 EPSS Score
  • Sep 30, 2023 EPSS Score
  • Nov 5, 2023 EPSS Score
  • Dec 10, 2023 EPSS Score
  • Jan 15, 2024 EPSS Score
  • Feb 19, 2024 EPSS Score
  • Mar 26, 2024 EPSS Score
  • Apr 30, 2024 EPSS Score
  • Jun 5, 2024 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›