PT-2017-8386 · Zimbra · Zimbra Collaboration

Published: 2017-01-18 · Updated: 2020-06-04 · CVE-2016-3406

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration versions prior to 8.7.0

Description: The issue involves multiple cross-site request forgery (CSRF) vulnerabilities that allow remote attackers to hijack the authentication of victims. This is achieved through vectors involving the Client uploader extension or extension REST handlers.

Recommendations: For versions prior to 8.7.0, update to version 8.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Client uploader extension and extension REST handlers to minimize the risk of exploitation.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2016-3406

Affected Products

Zimbra Collaboration