CVE-2015-7610

Опубликовано: 30 мая 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token.

Ссылки

https://blog.zimbra.com/2018/04/new-patches-for-you-zimbra-8-8-8-turing-patch-1-zimbra-8-7-11-patch-2/
Patch
Vendor Advisory
https://blog.zimbra.com/2018/05/new-patches-zimbra-8-8-8-turing-patch-3-zimbra-8-7-11-patch-3-zimbra-8-6-0-patch-10/
Patch
Vendor Advisory
https://wiki.zimbra.com/wiki/Security_Center
Patch
Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6.0/P10
Patch
Release Notes
Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P2
Patch
Release Notes
Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P1
Patch
Release Notes
Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Patch
Vendor Advisory
https://blog.zimbra.com/2018/04/new-patches-for-you-zimbra-8-8-8-turing-patch-1-zimbra-8-7-11-patch-2/
Patch
Vendor Advisory
https://blog.zimbra.com/2018/05/new-patches-zimbra-8-8-8-turing-patch-3-zimbra-8-7-11-patch-3-zimbra-8-6-0-patch-10/
Patch
Vendor Advisory
https://wiki.zimbra.com/wiki/Security_Center
Patch
Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6.0/P10
Patch
Release Notes
Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P2
Patch
Release Notes
Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P1
Patch
Release Notes
Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*

Версия от 8.7.0 (включая) до 8.7.11 (включая)

cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*

Версия от 8.8.0 (включая) до 8.8.8 (включая)

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.6.0:*:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p1:*:*:*:*:*:*

cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p1:*:*:*:*:*:*

cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p2:*:*:*:*:*:*

cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p3:*:*:*:*:*:*

cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p4:*:*:*:*:*:*

cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p5:*:*:*:*:*:*

cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p6:*:*:*:*:*:*

cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p7:*:*:*:*:*:*

cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p8:*:*:*:*:*:*

cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.6.0:p9:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.06222

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-6f8r-6vw8-h9xj