CVE-2015-7610

Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p1:*:*:*:*:*:*
cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p1:*:*:*:*:*:*
cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p2:*:*:*:*:*:*
cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p3:*:*:*:*:*:*
cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p4:*:*:*:*:*:*
cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p5:*:*:*:*:*:*
cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p6:*:*:*:*:*:*
cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p7:*:*:*:*:*:*
cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p8:*:*:*:*:*:*
cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p9:*:*:*:*:*:*

History

No history.

Information

Published : 2018-05-30 21:29

Updated : 2024-02-04 19:46


NVD link : CVE-2015-7610

Mitre link : CVE-2015-7610

CVE.ORG link : CVE-2015-7610


JSON object : View

Products Affected

zimbra

  • zimbra_collaboration_suite

synacor

  • zimbra_collaboration_suite
CWE
CWE-352

Cross-Site Request Forgery (CSRF)