Описание
Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and 104456.
Ссылки
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
- Release Notes
- Vendor Advisory
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
- Release Notes
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.6.0 (включая)
cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*
EPSS
Процентиль: 37%
0.00159
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and 104456.
EPSS
Процентиль: 37%
0.00159
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352