CVE-2022-37043: 
Zimbra Collaboration Server vulnerability analysis and mitigation

An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. When using preauth, CSRF tokens are not checked on some POST endpoints. This allows an attacker to execute unauthorized requests when an authenticated user views an attacker-controlled page, as the CSRF token is omitted from the request but the request still succeeds (CVE Details).

The vulnerability exists in the preauth functionality where CSRF (Cross-Site Request Forgery) token validation is bypassed on certain POST endpoints. When an authenticated user accesses a malicious page, the attacker can send requests to the application that appear legitimate but lack the required CSRF token validation (CERT-FR).

This vulnerability allows attackers to perform unauthorized actions on behalf of authenticated users when they visit malicious pages. Since the CSRF protection is bypassed, the attacker can execute arbitrary requests with the user's privileges (CVE Details).

The vulnerability was fixed in subsequent patches. Organizations should upgrade to the latest version of Zimbra Collaboration Suite that includes the security fix. The issue was reported by the Telenet security team (Zimbra Security).