CVE-2015-7610

Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p7:*:*:*:*:*:*
cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p8:*:*:*:*:*:*
cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p9:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p1:*:*:*:*:*:*
cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p1:*:*:*:*:*:*
cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p2:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p3:*:*:*:*:*:*
cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p5:*:*:*:*:*:*
cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p4:*:*:*:*:*:*
cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p6:*:*:*:*:*:*

Information

Published : 2018-05-30 14:29

Updated : 2020-06-04 05:32


NVD link : CVE-2015-7610

Mitre link : CVE-2015-7610


JSON object : View

CWE
CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

dedicated server usa

Products Affected

zimbra

  • zimbra_collaboration_suite

synacor

  • zimbra_collaboration_suite