CVE-2013-2305

EUVD-2013-2251
Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
cybozucybozu_office
𝑥
≤ 8
cybozucybozu_office
9.2.1
cybozucybozu_dezie
𝑥
≤ 8.0.6
cybozucybozu_dezie
8.0.0
cybozucybozu_dezie
8.0.1
cybozucybozu_dezie
8.0.2
cybozucybozu_dezie
8.0.3
cybozucybozu_dezie
8.0.4
cybozucybozu_dezie
8.0.5
cybozumailwise
𝑥
≤ 5.0
cybozumailwise
1.0
cybozumailwise
2.0
cybozumailwise
2.1
cybozumailwise
3.0
cybozumailwise
3.0\(0.2\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://cs.cybozu.co.jp/information/20130415up10.php
http://jvn.jp/en/jp/JVN06251813/374951/index.html
http://jvn.jp/en/jp/JVN06251813/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034
http://cs.cybozu.co.jp/information/20130415up10.php
http://jvn.jp/en/jp/JVN06251813/374951/index.html
http://jvn.jp/en/jp/JVN06251813/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034