CVE-2015-6541

Published: Apr 8, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest.

Affected (1)

Products: Zimbra: Zimbra Collaboration Server

1 product

Zimbra Collaboration Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zimbra Zimbra Collaboration Server	Up to 8.0.9

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

http://seclists.org/fulldisclosure/2016/Feb/121

Source: cve@mitre.org

https://wiki.zimbra.com/wiki/Security/Collab/86#Notes_from_8.5_.28Jetty.29

Source: cve@mitre.org

https://www.exploit-db.com/exploits/39500/

Source: cve@mitre.org

Exploit

http://seclists.org/fulldisclosure/2016/Feb/121

Source: af854a3a-2127-422b-91ae-364da2661108

https://wiki.zimbra.com/wiki/Security/Collab/86#Notes_from_8.5_.28Jetty.29

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/39500/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.