CVE-2013-2305

Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
cybozucybozu_office
𝑥
≤ 8
cybozucybozu_office
9.2.1
cybozucybozu_dezie
𝑥
≤ 8.0.6
cybozucybozu_dezie
8.0.0
cybozucybozu_dezie
8.0.1
cybozucybozu_dezie
8.0.2
cybozucybozu_dezie
8.0.3
cybozucybozu_dezie
8.0.4
cybozucybozu_dezie
8.0.5
cybozumailwise
𝑥
≤ 5.0
cybozumailwise
1.0
cybozumailwise
2.0
cybozumailwise
2.1
cybozumailwise
3.0
cybozumailwise
3.0\(0.2\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://cs.cybozu.co.jp/information/20130415up10.php
http://jvn.jp/en/jp/JVN06251813/374951/index.html
http://jvn.jp/en/jp/JVN06251813/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034
http://cs.cybozu.co.jp/information/20130415up10.php
http://jvn.jp/en/jp/JVN06251813/374951/index.html
http://jvn.jp/en/jp/JVN06251813/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034