First published: Wed May 17 2017(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and perform referer header checks, aka bugs 100885 and 100899.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Synacor Zimbra Collaboration Suite | <=8.6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.