CVE-2016-3403

Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging the failure to use a CSRF token and to perform Referer header checks, aka bugs 100885 and 100899.
Configurations

Configuration 1

cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-05-17 14:29

Updated : 2024-02-28 15:44


NVD link : CVE-2016-3403

Mitre link : CVE-2016-3403

CVE.ORG link : CVE-2016-3403



Products Affected

synacor

  • zimbra_collaboration_suite

CWE

CWE-352

Cross-Site Request Forgery (CSRF)