PT-2018-10204 · Zimbra · Zimbra Collaboration Suite

Published: 2018-05-10 · Updated: 2025-08-15 · CVE-2018-10951

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Zimbra Collaboration Suite versions 8.6.0 before Patch10
Zimbra Collaboration Suite versions 8.7.0 through 8.7.11.Patch2
Zimbra Collaboration Suite versions 8.8.0 through 8.8.7

Description

The issue allows read access to zimbraSSLPrivateKey via a "GetServer", "GetAllServers", or "GetAllActiveServers" call in the Admin SOAP API, specifically through endpoints like "/AdminSOAP" or similar. This could potentially lead to unauthorized access to sensitive information.

Recommendations

For Zimbra Collaboration Suite version 8.6.0 before Patch10, update to at least Patch10.
For Zimbra Collaboration Suite version 8.7.0 through 8.7.11.Patch2, update to at least 8.7.11.Patch3.
For Zimbra Collaboration Suite version 8.8.0 through 8.8.7, update to at least 8.8.8.

Related Identifiers

CVE-2018-10951

Affected Products

Zimbra Collaboration Suite