First published: Thu May 30 2019(Updated: )
An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Synacor Zimbra Collaboration Suite | >=8.7.0<8.7.11 | |
Synacor Zimbra Collaboration Suite | >=8.8.0<8.8.8 | |
Synacor Zimbra Collaboration Suite | =8.6.0 | |
Synacor Zimbra Collaboration Suite | =8.6.0-p1 | |
Synacor Zimbra Collaboration Suite | =8.6.0-p10 | |
Synacor Zimbra Collaboration Suite | =8.6.0-p2 | |
Synacor Zimbra Collaboration Suite | =8.6.0-p3 | |
Synacor Zimbra Collaboration Suite | =8.6.0-p4 | |
Synacor Zimbra Collaboration Suite | =8.6.0-p5 | |
Synacor Zimbra Collaboration Suite | =8.6.0-p6 | |
Synacor Zimbra Collaboration Suite | =8.6.0-p8 | |
Synacor Zimbra Collaboration Suite | =8.6.0-p9 | |
Synacor Zimbra Collaboration Suite | =8.7.11 | |
Synacor Zimbra Collaboration Suite | =8.7.11-p1 | |
Synacor Zimbra Collaboration Suite | =8.7.11-p2 | |
Synacor Zimbra Collaboration Suite | =8.7.11-p3 | |
Synacor Zimbra Collaboration Suite | =8.7.11-p4 | |
Synacor Zimbra Collaboration Suite | =8.7.11-p5 | |
Synacor Zimbra Collaboration Suite | =8.8.8 | |
Synacor Zimbra Collaboration Suite | =8.8.8-p1 | |
Synacor Zimbra Collaboration Suite | =8.8.8-p2 | |
Synacor Zimbra Collaboration Suite | =8.8.8-p3 | |
Synacor Zimbra Collaboration Suite | =8.8.8-p4 | |
Synacor Zimbra Collaboration Suite | =8.8.8-p5 | |
Synacor Zimbra Collaboration Suite | =8.8.8-p6 | |
Synacor Zimbra Collaboration Suite | =8.8.8-p7 | |
Synacor Zimbra Collaboration Suite | =8.8.9 | |
Synacor Zimbra Collaboration Suite | =8.8.9-p1 | |
Synacor Zimbra Collaboration Suite | =8.8.9-p2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-15131 is a vulnerability discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests.
CVE-2018-15131 has a severity score of 5.3, which is considered medium.
CVE-2018-15131 affects Synacor Zimbra Collaboration Suite versions 8.6.x (up to 8.6.0 Patch 11), 8.7.x (up to 8.7.11 Patch 6), 8.8.x (up to 8.8.8 Patch 9), and 8.8.9 (up to 8.8.9 Patch 3).
To fix CVE-2018-15131, it is recommended to update Synacor Zimbra Collaboration Suite to version 8.6.0 Patch 11, 8.7.11 Patch 6, 8.8.8 Patch 9, or 8.8.9 Patch 3.
More information about CVE-2018-15131 can be found in the Zimbra Security Advisories and the Bugzilla page for this vulnerability.