#CVE202445519

Critical Zimbra RCE flaw actively exploited to take over servers

by

October 2, 2024 at 10:20AM Cyber attackers are exploiting a Zimbra email server vulnerability (CVE-2024-45519) using specially crafted emails to trigger remote code execution. Proofpoint detected this “mass-exploitation,” as malicious emails spoofing Gmail deploy fake addresses and harmful code in the CC field. Installation of the webshell via the exploit provides full access to the … Read more

Zimbra RCE Vuln Under Attack Needs Immediate Patching

by

October 1, 2024 at 05:47PM Cyber attackers are actively exploiting a severe remote code execution vulnerability (CVE-2024-45519) in Zimbra’s SMTP server, allowing them to take control of vulnerable systems. Proofpoint researchers observed attacks since Sept. 28, with attackers sending spoofed emails containing base64-encoded malicious code. Zimbra issued updates, but administrators need to apply them promptly … Read more