PT-2019-9091 · Synacor · Zimbra Collaboration Suite

Published

2019-05-30

Updated

2019-05-30

CVE-2018-15131

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Synacor Zimbra Collaboration Suite versions 8.6.x through 8.6.0 Patch 10 Synacor Zimbra Collaboration Suite versions 8.7.x through 8.7.11 Patch 5 Synacor Zimbra Collaboration Suite versions 8.8.x through 8.8.8 Patch 8 Synacor Zimbra Collaboration Suite version 8.8.9

Description An issue in the software allows account number enumeration through inconsistent responses for specific types of authentication requests.

Recommendations For versions 8.6.x, update to 8.6.0 Patch 11 or later. For versions 8.7.x, update to 8.7.11 Patch 6 or later. For versions 8.8.x, update to 8.8.8 Patch 9 or later. For version 8.8.9, update to 8.8.9 Patch 3 or later.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-15131

Affected Products

Zimbra Collaboration Suite

PT-2019-9091 · Synacor · Zimbra Collaboration Suite

CVE-2018-15131

Weakness Enumeration

Related Identifiers

Affected Products

References · 5