Critical Security Alert: 223 Zimbra Mail Servers in Netherlands at Risk of Remote Command Execution Vulnerability CVE-2024-45519

Research by The Shadowserver Foundation shows that 223 Zimbra mail servers in the Netherlands are at risk of a critical security hole. This vulnerability allows attackers to remotely execute commands on affected servers.

There are nearly 20,000 vulnerable servers worldwide recognizedwith Germany, the United States and Russia leading the way with more than 1,500 undeveloped systems each. There are 223 vulnerable mail servers in the Netherlands. The vulnerability, which received a maximum severity rating of 10.0, can be exploited by simply sending an email with malicious code in the CC field. The leak is being tracked under the CVSS code CVE-2024-45519.

Both Zimbra and the Ministry of Economic Affairs’ Digital Trust Center had this at the beginning of October warning for this vulnerability. Zimbra released patches last month to fix the problem. This applies to versions 9.0.0 Patch 41, 10.0.9, 10.1.1 and Zimbra 8.8.15 Patch 46. Organizations are advised to apply available security updates as soon as possible. as possible, as they are already being abused by cyber criminals.