CVE Vulnerabilities

CVE-2018-10951

Published: May 10, 2018 | Modified: Jun 04, 2020
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API.

Affected Software

Name Vendor Start Version End Version
Zimbra_collaboration_suite Synacor 8.7 8.7.11
Zimbra_collaboration_suite Synacor 8.8 *
Zimbra_collaboration_suite Zimbra 8.6 8.6
Zimbra_collaboration_suite Zimbra 8.6 8.6
Zimbra_collaboration_suite Zimbra 8.6 8.6
Zimbra_collaboration_suite Zimbra 8.6 8.6
Zimbra_collaboration_suite Zimbra 8.6 8.6
Zimbra_collaboration_suite Zimbra 8.6 8.6
Zimbra_collaboration_suite Zimbra 8.6 8.6
Zimbra_collaboration_suite Zimbra 8.6 8.6
Zimbra_collaboration_suite Zimbra 8.6 8.6
Zimbra_collaboration_suite Zimbra 8.6 8.6
Zimbra_collaboration_suite Zimbra 8.7.11 8.7.11
Zimbra_collaboration_suite Zimbra 8.7.11 8.7.11

References