Published: 30/05/2019 Updated: 30/05/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

An issue exists in Synacor Zimbra Collaboration Suite 8.6.x prior to 8.6.0 Patch 11, 8.7.x prior to 8.7.11 Patch 6, 8.8.x prior to 8.8.8 Patch 9, and 8.8.9 prior to 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests.

Vulnerable Product	Search on Vulmon	Subscribe to Product
synacor zimbra collaboration suite 8.6.0
synacor zimbra collaboration suite 8.7.11
synacor zimbra collaboration suite 8.8.8
synacor zimbra collaboration suite
synacor zimbra collaboration suite 8.8.9

Zimbra Collaboration Suite Username Enumeration

Zimbra Collaboration User Enumeration Script (CVE-2018-15131) How to use The argument --host must be the hostname or IP address of Zimbra Collaboration Web Application root page, and --userlist an list of usernames to check against it root@kali# /cve-2018-15131-user-enumpy --host mailtargetcom --userlist /tmp/emailstxt And it

CWE-200 https://bugzilla.zimbra.com/show_bug.cgi?id=109012 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://nvd.nist.gov https://github.com/0x00-0x00/CVE-2018-15131

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-15131

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect