What is CVE-2016-3406?

CVE-2016-3406 is a high-severity vulnerability in Synacor Zimbra_collaboration_suite, classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.8/10. Published 2017-01-18.

How severe is CVE-2016-3406?

High severity. CVSS v3 base score is 8.8 out of 10.

CSRF in Synacor Zimbra_collaboration_suite

CVE-2016-3406

Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) exten…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.002 (36.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Synacor Zimbra_collaboration_suite
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

cve@mitre.org (x_refsource_CONFIRM, Release Notes)
cve@mitre.org (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory, Issue Tracking)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory, Issue Tracking)

Frequently asked questions

What is CVE-2016-3406?: CVE-2016-3406 is a high-severity vulnerability in Synacor Zimbra_collaboration_suite, classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.8/10. Published 2017-01-18.
How severe is CVE-2016-3406?: High severity. CVSS v3 base score is 8.8 out of 10.