Check Point Advisories

Zimbra Collaboration Server-Side Request Forgery (CVE-2024-45518)

Check Point Reference: CPAI-2024-1383
Date Published: 13 Feb 2025
Severity: High
Last Updated: Thursday 13 February, 2025
Source:
Industry Reference: CVE-2024-45518
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?

Zimbra Collaboration 10.0.0 and later, prior to 10.0.9
Zimbra Collaboration 8.8.15
Zimbra Collaboration 8.8.15 Patch 1
Zimbra Collaboration 8.8.15 Patch 10
Zimbra Collaboration 8.8.15 Patch 11
Zimbra Collaboration 8.8.15 Patch 12
Zimbra Collaboration 8.8.15 Patch 13
Zimbra Collaboration 8.8.15 Patch 14
Zimbra Collaboration 8.8.15 Patch 15
Zimbra Collaboration 8.8.15 Patch 16
Zimbra Collaboration 8.8.15 Patch 17
Zimbra Collaboration 8.8.15 Patch 18
Zimbra Collaboration 8.8.15 Patch 19
Zimbra Collaboration 8.8.15 Patch 2
Zimbra Collaboration 8.8.15 Patch 20
Zimbra Collaboration 8.8.15 Patch 21
Zimbra Collaboration 8.8.15 Patch 22
Zimbra Collaboration 8.8.15 Patch 23
Zimbra Collaboration 8.8.15 Patch 24
Zimbra Collaboration 8.8.15 Patch 25
Zimbra Collaboration 8.8.15 Patch 26
Zimbra Collaboration 8.8.15 Patch 27
Zimbra Collaboration 8.8.15 Patch 28
Zimbra Collaboration 8.8.15 Patch 29
Zimbra Collaboration 8.8.15 Patch 3
Zimbra Collaboration 8.8.15 Patch 30
Zimbra Collaboration 8.8.15 Patch 31
Zimbra Collaboration 8.8.15 Patch 32
Zimbra Collaboration 8.8.15 Patch 33
Zimbra Collaboration 8.8.15 Patch 34
Zimbra Collaboration 8.8.15 Patch 35
Zimbra Collaboration 8.8.15 Patch 37
Zimbra Collaboration 8.8.15 Patch 4
Zimbra Collaboration 8.8.15 Patch 40
Zimbra Collaboration 8.8.15 Patch 41
Zimbra Collaboration 8.8.15 Patch 42
Zimbra Collaboration 8.8.15 Patch 43
Zimbra Collaboration 8.8.15 Patch 44
Zimbra Collaboration 8.8.15 Patch 45
Zimbra Collaboration 8.8.15 Patch 5
Zimbra Collaboration 8.8.15 Patch 6
Zimbra Collaboration 8.8.15 Patch 7
Zimbra Collaboration 8.8.15 Patch 8
Zimbra Collaboration 8.8.15 Patch 9
Zimbra Collaboration 9.0.0
Zimbra Collaboration 9.0.0 Patch 0
Zimbra Collaboration 9.0.0 Patch 1
Zimbra Collaboration 9.0.0 Patch 10
Zimbra Collaboration 9.0.0 Patch 11
Zimbra Collaboration 9.0.0 Patch 12
Zimbra Collaboration 9.0.0 Patch 13
Zimbra Collaboration 9.0.0 Patch 14
Zimbra Collaboration 9.0.0 Patch 15
Zimbra Collaboration 9.0.0 Patch 16
Zimbra Collaboration 9.0.0 Patch 19
Zimbra Collaboration 9.0.0 Patch 2
Zimbra Collaboration 9.0.0 Patch 20
Zimbra Collaboration 9.0.0 Patch 21
Zimbra Collaboration 9.0.0 Patch 23
Zimbra Collaboration 9.0.0 Patch 24
Zimbra Collaboration 9.0.0 P24.1
Zimbra Collaboration 9.0.0 Patch 25
Zimbra Collaboration 9.0.0 Patch 26
Zimbra Collaboration 9.0.0 Patch 27
Zimbra Collaboration 9.0.0 Patch 3
Zimbra Collaboration 9.0.0 Patch 33
Zimbra Collaboration 9.0.0 Patch 34
Zimbra Collaboration 9.0.0 Patch 35
Zimbra Collaboration 9.0.0 Patch 36
Zimbra Collaboration 9.0.0 Patch 37
Zimbra Collaboration 9.0.0 Patch 38
Zimbra Collaboration 9.0.0 Patch 39
Zimbra Collaboration 9.0.0 Patch 4
Zimbra Collaboration 9.0.0 Patch 40
Zimbra Collaboration 9.0.0 Patch 5
Zimbra Collaboration 9.0.0 Patch 6
Zimbra Collaboration 9.0.0 Patch 7
Zimbra Collaboration 9.0.0 P7.1
Zimbra Collaboration 9.0.0 Patch 8
Zimbra Collaboration 9.0.0 Patch 9
Zimbra Collaboration 10.1.0

Vulnerability Description

A server-side request forgery vulnerability exists in Zimbra Collaboration. Successful exploitation would allow attackers to create requests on behalf of the vulnerable server.

Protection Overview

This protection detects attempts to exploit this vulnerability.

To activate the protection, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click the Protection tab, and select the version of your choice.

Security Gateway R81 / R80 / R77 / R75

  1. In the IPS tab, click Protections, use the Search tool to find the Zimbra Collaboration Server-Side Request Forgery (CVE-2024-45518) protection, and edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Web Server Enforcement Violation.
Attack Information:  Zimbra Collaboration Server-Side Request Forgery (CVE-2024-45518)
