Zimbra Collaboration
cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*
- >= 9.0, <= 10.1
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the GraphQL endpoint of Zimbra Collaboration (ZCS) versions 9.0 through 10.1. This vulnerability arises from inadequate CSRF token validation, allowing attackers to execute unauthorized GraphQL operations. Potential exploits include modifying contacts, altering account settings, and accessing sensitive user information, all triggered when an authenticated user visits a malicious website.
Exploitation of this vulnerability could lead to unauthorized modifications of contacts and account settings, as well as unauthorized access to sensitive user data.
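The following is an added example, not code from this advisory or from Zimbra: a generic server-side guard that shows the kind of CSRF token validation the description says was inadequate, applied to every request reaching a GraphQL endpoint. The header name, the allowed origin, the session identifiers and the key handling are assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets

# Assumed names for this sketch; none are taken from Zimbra.
CSRF_HEADER = "x-csrf-token"
ALLOWED_ORIGINS = {"https://mail.example.test"}
SERVER_KEY = secrets.token_bytes(32)  # constructed per-deployment secret


def issue_csrf_token(session_id: str) -> str:
    """Bind the token to one session: HMAC-SHA256(server key, session id)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def check_graphql_request(method: str, headers: dict, session_id: str):
    """Return (allowed, reason). Applied to every operation: queries sent by
    GET and mutations sent by POST go through the same checks."""
    h = {k.lower(): v for k, v in headers.items()}
    if method.upper() not in ("GET", "POST"):
        return False, "method not allowed"
    if not session_id:
        return False, "no authenticated session"
    # Browsers attach Origin to cross-site POSTs; reject any value not allowed.
    origin = h.get("origin")
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return False, "origin not allowed"
    # A session cookie alone is not enough: the token must arrive in a header
    # and match this session, compared in constant time.
    supplied = h.get(CSRF_HEADER, "").encode()
    expected = issue_csrf_token(session_id).encode()
    if not hmac.compare_digest(supplied, expected):
        return False, "missing or invalid CSRF token"
    return True, "ok"


if __name__ == "__main__":
    good = issue_csrf_token("session-A")
    samples = [  # constructed requests
        ("POST", {"Origin": "https://mail.example.test", "X-CSRF-Token": good}),
        ("POST", {"Origin": "https://other.example.test"}),
        ("GET", {}),
        ("POST", {"X-CSRF-Token": issue_csrf_token("session-B")}),
    ]
    for method, headers in samples:
        print(method, headers.get("Origin"), check_graphql_request(method, headers, "session-A"))
```
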