A critical Zimbra vulnerability, tracked as CVE-2024-45519, is being actively exploited by hackers. The flaw allows attackers to execute commands on vulnerable installations. These attacks began on September 28. Zimbra Collaboration, created by Synacor, is a “cloud-hosted collaboration software and email platform.” The vulnerability is an operating system command injection vulnerability. It can be exploited without authentication, recording email communications. By sending specifically crafted emails, attackers can attempt to install a webshell. Installation allows the hackers to execute downloads and files or execute commands. 

Read more: https://www.helpnetsecurity.com/2024/10/02/cve-2024-45519-exploited/