6.8
CVE-2013-2305
- EPSS 0.64%
- Published 25.04.2013 10:55:02
- Last modified 29.04.2026 01:13:23
- Source vultures@jpcert.or.jp
Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords.
Data is provided by the National Vulnerability Database (NVD)
Cybozu ≫ Cybozu Office Version <= 8
Cybozu ≫ Cybozu Office Version 6
Cybozu ≫ Cybozu Office Version 7
Cybozu ≫ Cybozu Office Version 9
Cybozu ≫ Cybozu Office Version 9.2.1
Cybozu ≫ Cybozu Dezie Version <= 8.0.6
Cybozu ≫ Cybozu Dezie Version 8.0.0
Cybozu ≫ Cybozu Dezie Version 8.0.1
Cybozu ≫ Cybozu Dezie Version 8.0.2
Cybozu ≫ Cybozu Dezie Version 8.0.3
Cybozu ≫ Cybozu Dezie Version 8.0.4
Cybozu ≫ Cybozu Dezie Version 8.0.5
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.64% | 0.46 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
http://cs.cybozu.co.jp/information/20130415up10.php
http://jvn.jp/en/jp/JVN06251813/374951/index.html
http://jvn.jp/en/jp/JVN06251813/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034