CVE-2016-3406: CSRF
First published: Wed Jan 18 2017(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and 104456.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zimbra Collaboration Suite | <=8.6.0 | |
| <=8.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-3406?
CVE-2016-3406 has a medium severity rating due to its potential for cross-site request forgery (CSRF) attacks.
How do I fix CVE-2016-3406?
To fix CVE-2016-3406, update Zimbra Collaboration Suite to version 8.7.0 or later.
What are the potential impacts of CVE-2016-3406?
The potential impacts of CVE-2016-3406 include unauthorized actions being performed on behalf of authenticated users.
Who is affected by CVE-2016-3406?
Users of Zimbra Collaboration Suite versions prior to 8.7.0 are affected by CVE-2016-3406.
What is the exploit mechanism for CVE-2016-3406?
CVE-2016-3406 exploits multiple CSRF vulnerabilities in certain Zimbra extension components.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/source
- agent/event
- agent/tags
- vendor/synacor
- canonical/zimbra collaboration suite
- version/zimbra collaboration suite/8.6.0