An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests.
References
Link | Resource |
---|---|
https://bugzilla.zimbra.com/show_bug.cgi?id=109012 | Issue Tracking Exploit Third Party Advisory |
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-05-30T15:22:03
Updated: 2019-05-30T15:22:03
Reserved: 2018-08-07T00:00:00
Link: CVE-2018-15131
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-05-30T16:29:00.980
Modified: 2019-05-30T19:08:08.650
Link: CVE-2018-15131
JSON object: View
Redhat Information
No data.
CWE