Zimbra : Security Vulnerabilities, CVEs, Published In 2016 (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest.
Max CVSS
8.8
EPSS Score
0.96%
Published
2016-04-08
Updated
2016-04-11
1 vulnerabilities found