NVD

Id
19214  
Name
CVE-2016-3406  
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and 104456.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-02-06  
Published
2017-01-18  
Modified Date
2017-02-01  
Seq
2016-3406  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
106010 19214 CVE-2016-3406 https://bugzilla.zimbra.com/show_bug.cgi?id=104294  View
106011 19214 CVE-2016-3406 https://bugzilla.zimbra.com/show_bug.cgi?id=104456  View
106012 19214 CVE-2016-3406 https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0  View
106013 19214 CVE-2016-3406 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories  View

Related JVN