CVE-2018-15131

MEDIUM

Synacor Zimbra Collaboration Suite <8.6.0-8.8.9 - Info Disclosure

Title source: llm
STIX 2.1

Description

An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests.

Exploits (1)

nomisec WORKING POC 1 stars
by 0x00-0x00 · poc
https://github.com/0x00-0x00/CVE-2018-15131

References (2)

Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.zimbra.com/show_bug.cgi?id=109012

Scores

CVSS v3 5.3
EPSS 0.0261
EPSS Percentile 85.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (5)
synacor/zimbra_collaboration_suite 8.6.0 (10 CPE variants)
synacor/zimbra_collaboration_suite 8.7.11 (6 CPE variants)
synacor/zimbra_collaboration_suite 8.8.8 (8 CPE variants)
synacor/zimbra_collaboration_suite 8.8.9 (3 CPE variants)
synacor/zimbra_collaboration_suite 8.7.0 - 8.7.11
Published May 30, 2019
Tracked Since Feb 18, 2026