CVE-2023-38750

In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
zimbrazimbra
8.8.0 ≤
𝑥
< 8.8.15
zimbrazimbra
8.8.15:p11
zimbrazimbra
8.8.15:p26
zimbrazimbra
8.8.15:p3
zimbrazimbra
8.8.15:p30
zimbrazimbra
8.8.15:p31
zimbrazimbra
8.8.15:p32
zimbrazimbra
8.8.15:p33
zimbrazimbra
8.8.15:p34
zimbrazimbra
8.8.15:p35
zimbrazimbra
8.8.15:p37
zimbrazimbra
8.8.15:p38
zimbrazimbra
8.8.15:p40
zimbrazimbra
8.8.15:p5
zimbrazimbra
9.0.0
zimbrazimbra
9.0.0:p0
zimbrazimbra
9.0.0:p19
zimbrazimbra
9.0.0:p23
zimbrazimbra
9.0.0:p25
zimbrazimbra
9.0.0:p26
zimbrazimbra
9.0.0:p27
zimbrazimbra
9.0.0:p28
zimbrazimbra
9.0.0:p30
zimbrazimbra
9.0.0:p31
zimbrazimbra
9.0.0:p33
zimbrazimbra
9.0.0:p4
zimbrazimbra
9.0.0:p7
zimbrazimbra
9.0.0:p7.1
zimbrazimbra
10.0.1
𝑥
= Vulnerable software versions
References
https://wiki.zimbra.com/wiki/Security_Center
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
https://wiki.zimbra.com/wiki/Security_Center
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy