4.3

CVE-2016-4868

Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CybozuOffice Version9.0
CybozuOffice Version9.1.0
CybozuOffice Version9.2.0
CybozuOffice Version9.2.1
CybozuOffice Version9.3.0
CybozuOffice Version9.3.1
CybozuOffice Version9.3.2
CybozuOffice Version9.9.0
CybozuOffice Version10.0.0
CybozuOffice Version10.0.1
CybozuOffice Version10.0.2
CybozuOffice Version10.1.0
CybozuOffice Version10.1.2
CybozuOffice Version10.2.0
CybozuOffice Version10.3.0
CybozuOffice Version10.4.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.67% 0.69
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://jvn.jp/en/jp/JVN08736331/index.html
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/97713
Third Party Advisory
VDB Entry