CISA has issued an urgent alert about critical vulnerabilities being exploited in Synacor’s Zimbra Collaboration and Ivanti’s Endpoint Manager (EPM). Organizations using these products are urged to mitigate potential risks immediately.
CVE-2024-45519: Synacor Zimbra Collaboration Command Execution Vulnerability:
By infosecbulletin
/ Sunday , June 29 2025
Doctors at Columbia University Fertility Center have reported what they are calling the first pregnancy using a new AI system,...
Read More
By infosecbulletin
/ Saturday , June 28 2025
Cybersecurity experts and federal authorities are warning that the Scattered Spider hackers are now targeting aviation and transportation, indicating a...
Read More
By F2
/ Saturday , June 28 2025
Since June 9, 2025, Russian users connecting to Cloudflare services have faced throttling by ISPs. As the throttling is being...
Read More
By infosecbulletin
/ Saturday , June 28 2025
A new report from SafetyDetectives reveals that hackers posted a massive 3.1GB dataset online, containing about 61 million records reportedly...
Read More
By infosecbulletin
/ Friday , June 27 2025
A 30-year-old robotics engineer from Chennai set off alarm bells in 11 states by allegedly sending hoax bomb threats. She...
Read More
By infosecbulletin
/ Friday , June 27 2025
Cisco has issued updates to fix two critical security vulnerabilities in Identity Services Engine (ISE) and ISE Passive Identity Connector...
Read More
By F2
/ Thursday , June 26 2025
CISA warns about a serious vulnerability in Fortinet FortiOS that threatens network security. CISA included CVE-2019-6693 in its Known Exploited...
Read More
By F2
/ Thursday , June 26 2025
Rapid7 has revealed serious vulnerabilities in multifunction printers (MFPs) from Brother, FUJIFILM, Ricoh, and Toshiba Tec Corporation. These findings, covering...
Read More
By infosecbulletin
/ Wednesday , June 25 2025
Citrix has issued security updates for a critical vulnerability in NetScaler ADC that has been actively exploited. The vulnerability CVE-2025-6543...
Read More
By F2
/ Wednesday , June 25 2025
SonicWall warned on Monday that unknown attackers have trojanized its SSL-VPN NetExtender application, tricking users into downloading it from fake...
Read More
A new vulnerability, CVE-2024-45519, has been found in the Synacor Zimbra Collaboration platform. It affects the postjournal service and could let unauthenticated users run commands remotely.
It’s unclear if this vulnerability has been used in ransomware attacks, but the risk of misuse is high. Organizations using Zimbra Collaboration should follow the mitigation recommendations from Synacor.
If mitigations are not available, it’s strongly advised to stop using the product. CISA has set a deadline for remediation by October 24, 2024, highlighting the urgency.
CVE-2024-29824: Ivanti Endpoint Manager SQL Injection Vulnerability:
The Ivanti Endpoint Manager (EPM) is at risk because of a SQL injection vulnerability called CVE-2024-29824.
This vulnerability lets unauthenticated attackers on the same network execute arbitrary code on the Core server. Like the Zimbra issue, there’s no evidence of it being exploited in ransomware attacks yet, but the risk is still significant.
Ivanti has provided guidance to address this vulnerability, and organizations should follow it quickly. The deadline to implement these measures is October 23, 2024.
CISA’s alert emphasizes the serious nature of these vulnerabilities and their potential global impact on organizations.
Synacor and Ivanti emphasize the need for quick action to safeguard sensitive data and ensure operational integrity.