CVE-2018-10951

Published May 10, 2018

Last updated 3 days ago

CVSS medium 6.5

Overview

Description: mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A70E8D6-CAE9-4F32-83DC-958FF4F4D531",
            "versionEndIncluding": "8.7.11",
            "versionStartIncluding": "8.7"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E8F5B18-C7FE-41B8-A3F3-5262BA688672",
            "versionEndExcluding": "8.8.8",
            "versionStartIncluding": "8.8"
          },
          {
            "criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DE1775A-949B-4F2B-A1CD-F20248A514D1"
          },
          {
            "criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83535482-F84B-432B-BEC0-ACBEA1735F4E"
          },
          {
            "criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6:patch2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EE035F1-D525-46F2-82FD-70AD3007B11C"
          },
          {
            "criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6:patch3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E9C15E8-F2EB-40FA-9B86-C661C9D0CE90"
          },
          {
            "criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6:patch4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C060044-1B84-4508-9FE9-8D3D2C8A1B17"
          },
          {
            "criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6:patch5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B12A5DF0-4BE7-4A6D-B978-FC58BD858E72"
          },
          {
            "criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6:patch6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1316FBE6-33A8-40CB-8EAC-D02D506BEE95"
          },
          {
            "criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6:patch7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3AB6AA3-9E01-47AE-8326-9CBA7B6EDE46"
          },
          {
            "criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6:patch8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F1440AB-9E8E-4B9B-85AD-915A2536D76F"
          },
          {
            "criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6:patch9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC73DE41-1DC7-438C-9E5B-3E01678744C4"
          },
          {
            "criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.7.11:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B58FD02-BDA9-4C11-A9B5-F42E3838DE58"
          },
          {
            "criteria": "cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.7.11:patch2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E72A72CA-9D34-42E4-85FA-B70C9D7A450A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References