CVE-2015-7610

Name: CVE-2015-7610
Creator: NVD / NIST
Published: 2018-05-30T21:29:00.223+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.22%

Last modified Jun 17, 2026

CVE-2015-7610 is a vulnerability of currently unknown severity. Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token.. EPSS estimates a 1.22% chance of exploitation in the next 30 days.

Description

Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token.

Metrics

EPSS Probability

1.22%

64.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-352

Affected Software

Vendor	Product	Versions	Update
Synacor	Zimbra Collaboration Suite	>= 8.7.0, <= 8.7.11	—
Synacor	Zimbra Collaboration Suite	>= 8.8.0, <= 8.8.8	—
Synacor	Zimbra Collaboration Suite	8.6.0	—
Synacor	Zimbra Collaboration Suite	8.7.11	P1
Zimbra	Zimbra Collaboration Suite	8.6.0	P1

References

https://blog.zimbra.com/2018/04/new-patches-for-you-zimbra-8-8-8-turing-patch-1-zimbra-8-7-11-patch-2/Patch, Vendor Advisory
https://blog.zimbra.com/2018/05/new-patches-zimbra-8-8-8-turing-patch-3-zimbra-8-7-11-patch-3-zimbra-8-6-0-patch-10/Patch, Vendor Advisory
https://wiki.zimbra.com/wiki/Security_CenterPatch, Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6.0/P10Patch, Release Notes, Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P2Patch, Release Notes, Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P1Patch, Release Notes, Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Security_AdvisoriesPatch, Vendor Advisory
https://blog.zimbra.com/2018/04/new-patches-for-you-zimbra-8-8-8-turing-patch-1-zimbra-8-7-11-patch-2/Patch, Vendor Advisory
https://blog.zimbra.com/2018/05/new-patches-zimbra-8-8-8-turing-patch-3-zimbra-8-7-11-patch-3-zimbra-8-6-0-patch-10/Patch, Vendor Advisory
https://wiki.zimbra.com/wiki/Security_CenterPatch, Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6.0/P10Patch, Release Notes, Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P2Patch, Release Notes, Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P1Patch, Release Notes, Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Security_AdvisoriesPatch, Vendor Advisory

Timeline

Published: May 30, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-7610?

How severe is CVE-2015-7610?

Severity scoring for CVE-2015-7610 is pending analysis. The EPSS model estimates a 1.22% probability of exploitation in the next 30 days.

How do I fix CVE-2015-7610?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-7610?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST