An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Side Request Forgery (SSRF) due to improper input sanitization and misconfigured domain whitelisting. This issue permits unauthorized HTTP requests to be sent to internal services, which can lead to Remote Code Execution (RCE) by chaining Command Injection within the internal service. When combined with existing XSS vulnerabilities, this SSRF issue can further facilitate Remote Code Execution (RCE).
{
"versions": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.0.9"
},
{
"introduced": "0"
},
{
"last_affected": "8.8.15-NA"
},
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p1"
},
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p11"
},
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p20"
},
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p26"
},
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p3"
},
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p30"
},
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p31"
},
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p32"
},
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p33"
},
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p34"
},
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p35"
},
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p40"
},
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p43"
},
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p44"
},
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p45"
},
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p5"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-NA"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p0"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p1"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p19"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p20"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p23"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p25"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p26"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p27"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p33"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p36"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p37"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p38"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p4"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p7"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p7\\.1"
},
{
"introduced": "0"
},
{
"last_affected": "10.1.0"
}
]
}"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45518.json"
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p13"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p14"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p15"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p16"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p17"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p19"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p21"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p22"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p23"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p24"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p25"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p27"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p28"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p29"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p37"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p41"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p42"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8.15-p9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p13"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p14"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p15"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p16"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p21"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p24"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p24\\.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p34"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p35"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p39"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p40"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p9"
}
]
}
]