CVE-2024-50599

Q: What is the severity of CVE-2024-50599?

CVE-2024-50599 has a CVSS score of 6.1 (MEDIUM). A reflected Cross-Site Scripting vulnerability in Zimbra Collaboration Suite 8.8.15 allows attackers to inject malicious scripts via webmail calendar endpoints. When exploited, this can lead to session hijacking, credential theft, or redirection to malicious sites. Organizations running Zimbra 8.8.15 with webmail enabled are affected.

6.1 MEDIUM

Cross-Site Scripting

📋 TL;DR

A reflected Cross-Site Scripting vulnerability in Zimbra Collaboration Suite 8.8.15 allows attackers to inject malicious scripts via webmail calendar endpoints. When exploited, this can lead to session hijacking, credential theft, or redirection to malicious sites. Organizations running Zimbra 8.8.15 with webmail enabled are affected.

💻 Affected Systems

Products:

Zimbra Collaboration Suite

Versions: 8.8.15

Operating Systems: All platforms running Zimbra

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects webmail calendar endpoints; requires webmail interface to be accessible and calendar functionality enabled.

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Web Application Firewall Rules

Input Validation Filter

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities