How severe is CVE-2024-45518?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-45518?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2024-45518 - HIGH Severity | CVSS 7.5

Vulnerability Description

An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Side Request Forgery (SSRF) due to improper input sanitization and misconfigured domain whitelisting. This issue permits unauthorized HTTP requests to be sent to internal services, which can lead to Remote Code Execution (RCE) by chaining Command Injection within the internal service. When combined with existing XSS vulnerabilities, this SSRF issue can further facilitate Remote Code Execution (RCE).

Related Vulnerabilities

CVE-2007-6758

HIGH

CVSS:7.5(High)

Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0.

CWE-9182007

CVE-2017-0929

HIGH

CVSS:7.5(High)

DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resou...

CWE-9182017

CVE-2017-1000419

HIGH

CVSS:7.5(High)

phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal ser...

CWE-9182017

CVE-2017-18638

HIGH

CVSS:7.5(High)

send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server re...

CWE-9182017

CVE-2017-3164

HIGH

CVSS:7.5(High)

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the ser...

CWE-9182017

CVE-2018-12809

HIGH

CVSS:7.5(High)

Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.

CWE-9182018