CVE-2023-38750 - OpenCVE

In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Zimbra	Zimbra

Configuration 1 [-]

OR	cpe:2.3:a:zimbra:zimbra::::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p11::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p26::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p3::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p30::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p31::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p32::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p33::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p34::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p35::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p37::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p38::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p40::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p5::::::
	cpe:2.3:a:zimbra:zimbra:9.0.0:::::::*
	cpe:2.3:a:zimbra:zimbra:9.0.0:p0::::::
	cpe:2.3:a:zimbra:zimbra:9.0.0:p19::::::
	cpe:2.3:a:zimbra:zimbra:9.0.0:p23::::::
	cpe:2.3:a:zimbra:zimbra:9.0.0:p25::::::
	cpe:2.3:a:zimbra:zimbra:9.0.0:p26::::::
	cpe:2.3:a:zimbra:zimbra:9.0.0:p27::::::
	cpe:2.3:a:zimbra:zimbra:9.0.0:p28::::::
	cpe:2.3:a:zimbra:zimbra:9.0.0:p30::::::
	cpe:2.3:a:zimbra:zimbra:9.0.0:p31::::::
	cpe:2.3:a:zimbra:zimbra:9.0.0:p33::::::
	cpe:2.3:a:zimbra:zimbra:9.0.0:p4::::::
	cpe:2.3:a:zimbra:zimbra:9.0.0:p7::::::
	cpe:2.3:a:zimbra:zimbra:9.0.0:p7.1::::::
	cpe:2.3:a:zimbra:zimbra:10.0.1:::::::*

References

Link	Resource
https://wiki.zimbra.com/wiki/Security_Center	Release Notes Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy	Not Applicable

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-07-31T00:00:00

Updated: 2023-07-31T00:00:00

Reserved: 2023-07-25T00:00:00

Link: CVE-2023-38750

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-07-31T16:15:10.437

Modified: 2023-08-04T17:09:45.547

Link: CVE-2023-38750

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zimbra:zimbra:*:*:*:*:*:*:*:*", "matchCriteriaId": "38ECDB77-75C2-4F1F-94A8-D0F7CAC58427", "versionEndExcluding": "8.8.15", "versionStartIncluding": "8.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p11:*:*:*:*:*:*", "matchCriteriaId": "D94082EB-9245-421E-A195-659ED7E97FBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p26:*:*:*:*:*:*", "matchCriteriaId": "F10A5925-168E-45E8-888E-E4042A1406A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p3:*:*:*:*:*:*", "matchCriteriaId": "074B9DC0-1700-4C29-B332-093FEA785D39", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p30:*:*:*:*:*:*", "matchCriteriaId": "85C96088-3631-4CAE-BA6C-9E7A12EC455F", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p31:*:*:*:*:*:*", "matchCriteriaId": "BCB801E7-C9C5-42FC-A4C3-CECD9F21887B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p32:*:*:*:*:*:*", "matchCriteriaId": "A22C14E7-34AE-438C-9E2A-DA4BF07889D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p33:*:*:*:*:*:*", "matchCriteriaId": "B5251B9B-87EF-4300-A791-8C2BB2B58FA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p34:*:*:*:*:*:*", "matchCriteriaId": "C9795188-0A57-48A6-B876-0A2477888D6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p35:*:*:*:*:*:*", "matchCriteriaId": "4288C356-C993-486F-B3CF-D8E44A7A53C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p37:*:*:*:*:*:*", "matchCriteriaId": "7A98258E-91BA-45F0-8417-6FFB3CF02FB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p38:*:*:*:*:*:*", "matchCriteriaId": "3EFD7BC4-0284-4551-972C-81DD7F225DA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p40:*:*:*:*:*:*", "matchCriteriaId": "ACA5EA7B-95A3-49E9-A407-A034279173FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p5:*:*:*:*:*:*", "matchCriteriaId": "9F670A63-D8E9-4360-83CF-5C5D3D8B569E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B671A427-BC20-43CB-A7F1-DD2124B2B901", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p0:*:*:*:*:*:*", "matchCriteriaId": "631ADC21-06BA-476D-B134-E25D06740019", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p19:*:*:*:*:*:*", "matchCriteriaId": "92C99D34-300D-4AC6-9D75-538621978E38", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p23:*:*:*:*:*:*", "matchCriteriaId": "D949B9A3-4E4F-45FC-93AB-478B77C6F7AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p25:*:*:*:*:*:*", "matchCriteriaId": "0BDA3621-F2AA-4E55-8641-A30B9A3DCF8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p26:*:*:*:*:*:*", "matchCriteriaId": "3A29151F-9083-45B7-8C1E-A844372C01C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p27:*:*:*:*:*:*", "matchCriteriaId": "E35B7C01-F288-47D6-8C43-50FC6F6FEA7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p28:*:*:*:*:*:*", "matchCriteriaId": "40687633-0902-4D3E-8C7B-AE9318EB9DAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p30:*:*:*:*:*:*", "matchCriteriaId": "8091130D-23B8-4271-9164-2279C14CBE7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p31:*:*:*:*:*:*", "matchCriteriaId": "B40F5F01-E7DC-4399-8F9E-2341069FD555", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p33:*:*:*:*:*:*", "matchCriteriaId": "C8B3E761-6A2D-4AC1-8B46-B04196135A51", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p4:*:*:*:*:*:*", "matchCriteriaId": "8A3B019E-A357-4F7E-8DB5-336B3209D130", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p7:*:*:*:*:*:*", "matchCriteriaId": "E88525DC-A672-40E8-A756-43DD3E9685CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p7.1:*:*:*:*:*:*", "matchCriteriaId": "482EC153-BE0F-4B8B-8AC0-0D2CC3A94752", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0A092529-4EF6-45CC-A56B-BC9255E97F6D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed."}], "id": "CVE-2023-38750", "lastModified": "2023-08-04T17:09:45.547", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-31T16:15:10.437", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}