CVE-2018-10950

Published May 10, 2018

Last updated 3 days ago

CVSS medium 5.3

Overview

Description: mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A91CE8F-5E21-459E-A253-A1706357B82B",
            "versionEndExcluding": "8.7.11",
            "versionStartIncluding": "8.7.0"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48C99285-82BF-4C22-991C-D3742B19AFED",
            "versionEndExcluding": "8.8.8",
            "versionStartIncluding": "8.8.0"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09016525-12F2-49D0-A803-E38294FE3EFC"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "256ABB7E-46FB-471A-95D1-589A2F985BF9"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A4EE384-AB5A-42AB-8BD9-7B41235A3285"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E06F070B-CB6E-46A8-94BE-4C036DDD79AC"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7932C40-61F8-4267-894B-A843D7465571"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72038138-CDB7-4790-A5C7-5F0EC6334A0D"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0677BB2-9D02-4F88-8210-969ECBC23C30"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F182ED10-C40E-4B90-AEBA-0C54B7D1BF6D"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABBDA068-C4C8-4FE7-9E86-8778FD24B8F5"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:patch9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1C95543-0162-4F9A-A9F5-8D2534210489"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A98A1461-959C-4FC5-8860-76C3A9605F41"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD265B8F-EA30-4871-86C2-92C04611A947"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:patch2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2FF8E1C-C700-45D1-B834-E23BF241DCC5"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:patch3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA825F54-5CD7-4D27-88B1-CEEC5AE7EE93"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References