Description
Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199. Analyzing a Zed container can lead to the disclosure of plaintext content of very small files (a few bytes) stored into it.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.primx.eu/en/bulletins/security-bulletin-19110545
Scores
CVSS v3
5.3
EPSS
0.0110
EPSS Percentile
61.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (6)
primx/zed
< 1.0.195 (2 CPE variants)
primx/zed
< 1.0.199 (4 CPE variants)
primx/zed
< 2.0.199 (2 CPE variants)
primx/zed
< 6.1.2240
primx/zedmail
< 6.1.2240
primx/zonecentral
< 6.1.2240
Published
Feb 03, 2019
Tracked Since
Feb 18, 2026