CVE-2016-3403

Name of the Vulnerable Software and Affected Versions Zimbra Collaboration versions prior to 8.6.0 Patch 8

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console. These vulnerabilities allow remote attackers to hijack the authentication of administrators for requests that add, modify, or remove accounts. This is possible due to the failure to use a CSRF token and perform referer header checks.

Recommendations For versions prior to 8.6.0 Patch 8, update to 8.6.0 Patch 8 or later to resolve the issue. As a temporary workaround, consider restricting access to the Admin Console to minimize the risk of exploitation.