CVE-2024-9665

Name of the Vulnerable Software and Affected Versions Zimbra Collaboration Suite (ZCS) (affected versions not specified)

Description This issue allows remote attackers to disclose sensitive information on affected installations of Zimbra. User interaction is required to exploit this issue, where the target must open a malicious email message. The specific flaw exists within the implementation of the "graphql endpoint". The issue results from the lack of proper protections against cross-site request forgery (CSRF) attacks. An attacker can leverage this issue to disclose information in the context of the target email account.

Recommendations At the moment, there is no information about a newer version that contains a fix for this issue.