First published: Wed May 30 2018
Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Synacor Zimbra Collaboration Suite | >=8.7.0, <=8.7.11 | |
Synacor Zimbra Collaboration Suite | >=8.8.0, <=8.8.8 | |
Synacor Zimbra Collaboration Suite | =8.6.0 | |
Synacor Zimbra Collaboration Suite | =8.7.11-p1 | |
Zimbra Zimbra Collaboration Suite | =8.6.0-p1 | |
Zimbra Zimbra Collaboration Suite | =8.6.0-p2 | |
Zimbra Zimbra Collaboration Suite | =8.6.0-p3 | |
Zimbra Zimbra Collaboration Suite | =8.6.0-p4 | |
Zimbra Zimbra Collaboration Suite | =8.6.0-p5 | |
Zimbra Zimbra Collaboration Suite | =8.6.0-p6 | |
Zimbra Zimbra Collaboration Suite | =8.6.0-p7 | |
Zimbra Zimbra Collaboration Suite | =8.6.0-p8 | |
Zimbra Zimbra Collaboration Suite | =8.6.0-p9 | |
The vulnerability ID is CVE-2015-7610.
The severity of CVE-2015-7610 is high with a severity value of 8.8.
Zimbra Collaboration Suite versions 8.6.0, 8.7.0 to 8.7.11, and 8.8.0 to 8.8.8 are affected by CVE-2015-7610.
Remote attackers can exploit CVE-2015-7610 by leveraging the login form's failure to use a CSRF token, which lets them hijack the authentication of victims.
You can find more information about CVE-2015-7610 and patches in the Zimbra Security Center and relevant blog posts on the Zimbra website.