3.5

CVE-2013-6003

CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CybozuGaroon Version3.1
CybozuGaroon Version3.1 Updatesp1
CybozuGaroon Version3.1 Updatesp2
CybozuGaroon Version3.1 Updatesp3
CybozuGaroon Version3.5
CybozuGaroon Version3.5 Updatesp1
CybozuGaroon Version3.5 Updatesp2
CybozuGaroon Version3.5 Updatesp3
CybozuGaroon Version3.5 Updatesp4
CybozuGaroon Version3.5 Updatesp5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.96% 0.569
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://cs.cybozu.co.jp/information/20131202up01.php
http://jvn.jp/en/jp/JVN84221103/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000116
https://support.cybozu.com/ja-jp/article/6121
Vendor Advisory