CVE-2015-6541: CSRF
First published: Fri Apr 08 2016(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zimbra Collaboration Server | <=8.0.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-6541?
CVE-2015-6541 is considered a high severity vulnerability due to its potential for unauthorized access and account hijacking.
How do I fix CVE-2015-6541?
To fix CVE-2015-6541, upgrade Zimbra Collaboration Server to version 8.5 or later.
What types of attacks can be executed using CVE-2015-6541?
Attackers can use CVE-2015-6541 to perform Cross-Site Request Forgery (CSRF) attacks, changing account preferences of victims without their consent.
Who is affected by CVE-2015-6541?
CVE-2015-6541 affects users of Zimbra Collaboration Server versions prior to 8.5.
What components of Zimbra are affected by CVE-2015-6541?
CVE-2015-6541 specifically affects the Mail interface in Zimbra Collaboration Server.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/last-modified-date
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/zimbra
- canonical/zimbra collaboration server
- version/zimbra collaboration server/8.0.9