Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveJpcertCVE-2013-2305
HistoryApr 25, 2013 - 10:55 a.m.

CVE-2013-2305

2013-04-2510:55:02
CWE-352
jpcert
web.nvd.nist.gov
20
cybozu
office
dezie
csrf
vulnerability
hijacking
authentication
password change
nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.002

Percentile

53.0%

JSON

Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords.

Affected configurations

Nvd
Node
cybozucybozu_officeRange8
OR
cybozucybozu_officeMatch6
OR
cybozucybozu_officeMatch7
OR
cybozucybozu_officeMatch9
OR
cybozucybozu_officeMatch9.2.1
Node
cybozucybozu_dezieRange8.0.6
OR
cybozucybozu_dezieMatch8.0.0
OR
cybozucybozu_dezieMatch8.0.1
OR
cybozucybozu_dezieMatch8.0.2
OR
cybozucybozu_dezieMatch8.0.3
OR
cybozucybozu_dezieMatch8.0.4
OR
cybozucybozu_dezieMatch8.0.5
Node
cybozumailwiseRange5.0
OR
cybozumailwiseMatch1.0
OR
cybozumailwiseMatch2.0
OR
cybozumailwiseMatch2.1
OR
cybozumailwiseMatch3.0
OR
cybozumailwiseMatch3.0\(0.2\)
VendorProductVersionCPE
cybozucybozu_office*cpe:2.3:a:cybozu:cybozu_office:*:*:*:*:*:*:*:*
cybozucybozu_office6cpe:2.3:a:cybozu:cybozu_office:6:*:*:*:*:*:*:*
cybozucybozu_office7cpe:2.3:a:cybozu:cybozu_office:7:*:*:*:*:*:*:*
cybozucybozu_office9cpe:2.3:a:cybozu:cybozu_office:9:*:*:*:*:*:*:*
cybozucybozu_office9.2.1cpe:2.3:a:cybozu:cybozu_office:9.2.1:*:*:*:*:*:*:*
cybozucybozu_dezie*cpe:2.3:a:cybozu:cybozu_dezie:*:*:*:*:*:*:*:*
cybozucybozu_dezie8.0.0cpe:2.3:a:cybozu:cybozu_dezie:8.0.0:*:*:*:*:*:*:*
cybozucybozu_dezie8.0.1cpe:2.3:a:cybozu:cybozu_dezie:8.0.1:*:*:*:*:*:*:*
cybozucybozu_dezie8.0.2cpe:2.3:a:cybozu:cybozu_dezie:8.0.2:*:*:*:*:*:*:*
cybozucybozu_dezie8.0.3cpe:2.3:a:cybozu:cybozu_dezie:8.0.3:*:*:*:*:*:*:*
Rows per page:
1-10 of 181

Related

prion 2
cvelist 2
jvn 1
nvd 2
cve 1
prion
prion
Cross site request forgery (csrf)
2013-04-25 10:55:00
Cross site request forgery (csrf)
2013-04-25 10:55:00
cvelist
cvelist
CVE-2013-2305
2013-04-25 10:00:00
CVE-2013-3269
2013-04-25 10:00:00
jvn
jvn
JVN#06251813: Multiple Cybozu products vulnerable to cross-site request forgery
2013-04-15 00:00:00
nvd
nvd
CVE-2013-2305
2013-04-25 10:55:02
CVE-2013-3269
2013-04-25 10:55:02
cve
cve
CVE-2013-3269
2013-04-25 10:55:02

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.002

Percentile

53.0%

JSON
Related for CVE-2013-2305
prion2cvelist2jvn1nvd2cve1