Vulnerability Details CVE-2018-10951
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.3%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2018-10951
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.0
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.1
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.10
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.2
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.3
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.4
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.5
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.6
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.7
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.8
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.9
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.0
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.2
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.3
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.4
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.5
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.6
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.7
-
cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6
-
cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.7.11