CVE-2015-7610

high-risk

Published 2018-05-30

Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token.

Do I need to act?

6.2% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (12)

Zimbra Collaboration Suite

Affected Vendors

Zimbra Synacor

References (14)

Patch https://blog.zimbra.com/2018/04/new-patches-for-you-zimbra-8-8-8-turing-patch-1-...

Patch https://blog.zimbra.com/2018/05/new-patches-zimbra-8-8-8-turing-patch-3-zimbra-8...

Patch https://wiki.zimbra.com/wiki/Security_Center

Patch https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6.0/P10

Patch https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P2

Patch https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P1

Patch https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

Patch https://blog.zimbra.com/2018/04/new-patches-for-you-zimbra-8-8-8-turing-patch-1-...

Patch https://blog.zimbra.com/2018/05/new-patches-zimbra-8-8-8-turing-patch-3-zimbra-8...

Patch https://wiki.zimbra.com/wiki/Security_Center

Patch https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6.0/P10

Patch https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P2

Patch https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P1

Patch https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 9/34 · Low

Exposure 17/34 · Moderate