Описание
An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- Vendor Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 8.7.0 (включая) до 8.7.11 (исключая)Версия от 8.8.0 (включая) до 8.8.8 (исключая)
Одно из
cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:-:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p10:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p2:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p3:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p4:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p5:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p6:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p8:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:p9:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:-:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p2:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p3:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p4:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p5:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:-:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p2:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p3:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p4:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p5:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p6:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p7:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:-:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p2:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.02609
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests.
EPSS
Процентиль: 85%
0.02609
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200