First published: Thu May 10 2018
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Synacor Zimbra Collaboration Suite | >=8.7<=8.7.11 | |
Synacor Zimbra Collaboration Suite | >=8.8<8.8.8 | |
Zimbra Zimbra Collaboration Suite | =8.6 | |
Zimbra Zimbra Collaboration Suite | =8.6-patch1 | |
Zimbra Zimbra Collaboration Suite | =8.6-patch2 | |
Zimbra Zimbra Collaboration Suite | =8.6-patch3 | |
Zimbra Zimbra Collaboration Suite | =8.6-patch4 | |
Zimbra Zimbra Collaboration Suite | =8.6-patch5 | |
Zimbra Zimbra Collaboration Suite | =8.6-patch6 | |
Zimbra Zimbra Collaboration Suite | =8.6-patch7 | |
Zimbra Zimbra Collaboration Suite | =8.6-patch8 | |
Zimbra Zimbra Collaboration Suite | =8.6-patch9 | |
Zimbra Zimbra Collaboration Suite | =8.7.11-patch1 | |
Zimbra Zimbra Collaboration Suite | =8.7.11-patch2 | |
The vulnerability ID for this issue is CVE-2018-10951.
The severity of CVE-2018-10951 is medium with a severity value of 6.5.
This vulnerability affects Zimbra Collaboration Suite versions 8.8 before 8.8.8, 8.7 before 8.7.11.Patch3, and 8.6 before 8.6.0.Patch10.
An attacker can exploit CVE-2018-10951 by making a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API to gain zimbraSSLPrivateKey read access.
More information about CVE-2018-10951 can be found at the following link: https://bugzilla.zimbra.com/show_bug.cgi?id=108894.