FlagThis

References :

• cyble.com: A critical remote code execution (RCE) vulnerability (CVE-2024-45519) in Zimbra's postjournal service is under active attack; users are urged to patch immediately.
• securityonline.info: Enterprise security firm Proofpoint has issued a critical warning regarding active exploitation attempts against Synacor’s Zimbra Collaboration platform. A recently disclosed security flaw, tracked as CVE-2024-45519, has been under attack... The post appeared first on .
• infosec.exchange: Does anyone have visibility into the ongoing exploitation of the Zimbra vulnerability CVE-2024-45519? Seems like exploitation would be fairly easy if all that's required is sending a malformed email. Further, the ability to remotely execute code seems like this would heighten the severity level. One researcher describes the activity in the wild as "mass exploitation." Can and others provide a reality check regarding the ease, severity and volume of the exploitation?
• cyble.com: CISA Flags Multiple Critical Vulnerabilities Exposed Across Major Platforms
• www.cisa.gov: CISA's Known Exploited Vulnerabilities Catalog
• odin.io: CISA Flags Multiple Critical Vulnerabilities Exposed Across Major Platforms
• securityonline.info: CISA Adds Three Actively Exploited Security Vulnerabilities to KEV Catalog, Urges Urgent Patching

Classification:

• HashTags: #CISA #Vulnerability #Cybersecurity
• Company: CISA
• Target: Multiple Platforms
• Product: Platforms
• Feature: Vulnerabilities
• Type: Vulnerability
• Severity: Major