atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account.Referenceshttps://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6
