PT-2019-9091 · Synacor · Zimbra Collaboration Suite
Publicado
2019-05-30
·
Atualizado
2019-05-30
·
CVE-2018-15131
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Synacor Zimbra Collaboration Suite versions 8.6.x through 8.6.0 Patch 10
Synacor Zimbra Collaboration Suite versions 8.7.x through 8.7.11 Patch 5
Synacor Zimbra Collaboration Suite versions 8.8.x through 8.8.8 Patch 8
Synacor Zimbra Collaboration Suite version 8.8.9
Description
An issue in the software allows account number enumeration through inconsistent responses for specific types of authentication requests.
Recommendations
For versions 8.6.x, update to 8.6.0 Patch 11 or later.
For versions 8.7.x, update to 8.7.11 Patch 6 or later.
For versions 8.8.x, update to 8.8.8 Patch 9 or later.
For version 8.8.9, update to 8.8.9 Patch 3 or later.
Exploit
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Zimbra Collaboration Suite