4.3

CVE-2016-4909

Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CybozuGaroon Version3.0.0
CybozuGaroon Version3.0.1
CybozuGaroon Version3.0.2
CybozuGaroon Version3.0.3
CybozuGaroon Version3.1.0
CybozuGaroon Version3.1.1
CybozuGaroon Version3.1.2
CybozuGaroon Version3.1.3
CybozuGaroon Version3.5.0
CybozuGaroon Version3.5.1
CybozuGaroon Version3.5.2
CybozuGaroon Version3.5.3
CybozuGaroon Version3.5.4
CybozuGaroon Version3.5.5
CybozuGaroon Version3.7.0
CybozuGaroon Version3.7.1
CybozuGaroon Version3.7.2
CybozuGaroon Version3.7.3
CybozuGaroon Version3.7.4
CybozuGaroon Version3.7.5
CybozuGaroon Version4.0.0
CybozuGaroon Version4.0.1
CybozuGaroon Version4.0.2
CybozuGaroon Version4.0.3
CybozuGaroon Version4.2.0
CybozuGaroon Version4.2.1
CybozuGaroon Version4.2.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.26% 0.658
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://www.securityfocus.com/bid/97911
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/94973
Third Party Advisory
VDB Entry
https://jvn.jp/en/jp/JVN15222211/index.html
Third Party Advisory
VDB Entry
https://support.cybozu.com/ja-jp/article/9459
Vendor Advisory