CVE Radar

CVE Radar Logo
CVERadar

Edition used by more than 30,000 companies in more than 150 countries.
Sign Up For Free

CVE-2024-27443

High Severity|Zimbra
58
SVRS
6.1
CVSSv3
0.19543
EPSS
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this via an email message containing a crafted calendar header with an embedded XSS payload. When a victim views this message in the Zimbra webmail classic interface, the payload is executed in the context of the victim's session, potentially leading to execution of arbitrary JavaScript code.
TAGS
CISA KEVIn The WildExploit Available
VECTOR STRING
CVSS:3.1AV:NAC:LPR:NUI:RS:CC:LI:LA:N
PUBLICATION DATE2024-08-12
LAST MODIFIED2025-10-21
SOCRadarAI Insight

Description

CVE-2024-27443 is a Cross-Site Scripting (XSS) vulnerability affecting Zimbra Collaboration (ZCS) versions 9.0 and 10.0. Specifically, the vulnerability resides within the CalendarInvite feature of the classic webmail interface, stemming from inadequate input validation when processing calendar headers. A malicious actor can inject a crafted calendar header containing an XSS payload into an email. When a user views this email in the Zimbra classic webmail interface, the embedded payload executes within the user's session, potentially enabling arbitrary JavaScript code execution. While the CVSS score is 6.1, the SOCRadar Vulnerability Risk Score (SVRS) is 60, indicating a medium level of risk. However, given the "Exploit Available" tag, "In The Wild" tag and CISA KEV tag, the real-world impact could be much higher.

Key Insights

  • XSS Vulnerability: This is a classic XSS vulnerability that allows an attacker to inject malicious scripts into the victim's browser when they view the crafted email. This can lead to session hijacking, data theft, or even complete account takeover.
  • Active Exploitation: Given that active exploits have been published and that it is used "In The Wild," the risk of exploitation is significantly elevated. Threat actors are actively leveraging this vulnerability, increasing the urgency for patching.
  • CISA KEV Designation: The Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and CISA has warned of the vulnerability, calling for immediate and necessary measures. This requires U.S. federal civilian agencies to remediate this vulnerability by a specified date, indicating its serious and widespread risk.
  • Zimbra Classic Interface Target: The vulnerability specifically targets the classic webmail interface. Organizations that still utilize the classic interface for Zimbra are at higher risk and should consider migrating users to a more secure interface (if available) or prioritizing patching.

Mitigation Strategies

  • Apply the Patch Immediately: The most critical action is to apply the official patch provided by Zimbra to address CVE-2024-27443. Prioritize patching systems that are accessible from the internet.
  • Disable the Classic Interface: If possible, disable or deprecate the Zimbra classic interface and migrate users to the modern UI. This will eliminate the attack vector and prevent exploitation.
  • Implement Email Filtering: Employ email filtering rules to detect and block emails with suspicious calendar headers. Look for common XSS patterns and unusual characters in the header fields.
  • User Awareness Training: Conduct user awareness training to educate employees about the risks of clicking on links or opening attachments from unknown senders. Emphasize the importance of verifying the authenticity of emails, especially those containing calendar invites.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Deep CVE Analysis in Progress

The system is currently conducting an in-depth analysis of the selected CVE. This includes advanced correlation, vulnerability classification, and cross-referencing with real-time threat intelligence sources. Once the analysis is complete, the page will automatically update with enriched vulnerability data and actionable insights.

TypeIndicatorDate
IP
111.90.151.1672023-06-06Search on IOC Radar
HOSTNAME
hijx.xyz2025-05-19Search on IOC Radar
HOSTNAME
jiaw.shop2025-05-19Search on IOC Radar
HOSTNAME
raxia.top2025-05-16Search on IOC Radar
TitleSoftware LinkDate
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerabilityhttps://www.cisa.gov/search?g=CVE-2024-274432025-05-19
SOCRadar Logo

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs
Focus Friday: Grafana Vulnerability and Cisco ClamAV Risks From a TPRM Perspective
Ferdi Gül2025-08-01
Focus Friday: Grafana Vulnerability and Cisco ClamAV Risks From a TPRM Perspective | Written by: Ferdi Gül This week’s Focus Friday highlights two critical areas of concern for Third-Party Risk Management (TPRM) professionals: a high-severity vulnerability in Grafana and multiple security flaws in Cisco’s ClamAV antivirus engine. As organizations continue to rely heavily on monitoring tools and embedded antivirus components provided by third parties, vulnerabilities in these platforms […] The post Focus Friday: Grafana Vulnerability and Cisco ClamAV Risks From a TPRM Perspective
cve-2025-3942cve-2024-12987cve-2025-3936cve-2025-2776
FOCUS FRIDAY: TPRM Insights into Mattermost Arbitrary File Write and MongoDB Denial-of-Service Vulnerabilities
Ferdi Gül2025-08-01
FOCUS FRIDAY: TPRM Insights into Mattermost Arbitrary File Write and MongoDB Denial-of-Service Vulnerabilities | Written by: Ferdi Gül This week’s Focus Friday delves into two recently disclosed vulnerabilities that carry significant implications for third-party risk: a critical arbitrary file write vulnerability in Mattermost, and two denial-of-service (DoS) vulnerabilities in MongoDB Server. While both platforms serve distinct operational roles—collaboration and data infrastructure—their security weaknesses can have wide-reaching consequences if leveraged […] The post FOCUS FRIDAY: TPRM Insights into Mattermost Arbitrary
cve-2025-6709cve-2025-3942cve-2024-12987cve-2025-3936

No tweets found for this CVE

Configuration 1
TypeVendorProduct
AppZimbracollaboration
ReferenceLink
134C704F-9B21-4F2E-91B3-4A467353BCC0https://www.welivesecurity.com/en/eset-research/operation-roundpress/
[email protected]https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7%23Security_Fixes
[email protected]https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39%23Security_Fixes
[email protected]https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7%23Security_Fixes
[email protected]https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39%23Security_Fixes
[email protected]https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7#Security_Fixes
[email protected]https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39#Security_Fixes
134C704F-9B21-4F2E-91B3-4A467353BCC0https://www.welivesecurity.com/en/eset-research/operation-roundpress/
[email protected]https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7#Security_Fixes
[email protected]https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39#Security_Fixes
CWE IDCWE NameDescription
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.