CVE-2015-6541

HIGH

Zimbra Collaboration Server < 8.0.9 - CSRF

Title source: rule
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest.

Exploits (1)

exploitdb WORKING POC
by Sysdream · textwebappslinux
https://www.exploit-db.com/exploits/39500

References (3)

Core 3
Core References
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Feb/121
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39500/

Scores

CVSS v3 8.8
EPSS 0.0027
EPSS Percentile 50.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
zimbra/zimbra_collaboration_server < 8.0.9
Published Apr 08, 2016
Tracked Since Feb 18, 2026