6.8
CVE-2013-2305
- EPSS 0.14%
- Veröffentlicht 25.04.2013 10:55:02
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginCross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cybozu ≫ Cybozu Office Version <= 8
Cybozu ≫ Cybozu Office Version6
Cybozu ≫ Cybozu Office Version7
Cybozu ≫ Cybozu Office Version9
Cybozu ≫ Cybozu Office Version9.2.1
Cybozu ≫ Cybozu Dezie Version <= 8.0.6
Cybozu ≫ Cybozu Dezie Version8.0.0
Cybozu ≫ Cybozu Dezie Version8.0.1
Cybozu ≫ Cybozu Dezie Version8.0.2
Cybozu ≫ Cybozu Dezie Version8.0.3
Cybozu ≫ Cybozu Dezie Version8.0.4
Cybozu ≫ Cybozu Dezie Version8.0.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.31 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.