Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords.
2013-04-25T10:55:02.210
2025-04-11T00:51:21.963
Deferred
CVSSv2: 6.8 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | cybozu | cybozu_office | ≤ 8 | Yes |
| Application | cybozu | cybozu_office | 6 | Yes |
| Application | cybozu | cybozu_office | 7 | Yes |
| Application | cybozu | cybozu_office | 9 | Yes |
| Application | cybozu | cybozu_office | 9.2.1 | Yes |
| Application | cybozu | cybozu_dezie | ≤ 8.0.6 | Yes |
| Application | cybozu | cybozu_dezie | 8.0.0 | Yes |
| Application | cybozu | cybozu_dezie | 8.0.1 | Yes |
| Application | cybozu | cybozu_dezie | 8.0.2 | Yes |
| Application | cybozu | cybozu_dezie | 8.0.3 | Yes |
| Application | cybozu | cybozu_dezie | 8.0.4 | Yes |
| Application | cybozu | cybozu_dezie | 8.0.5 | Yes |
| Application | cybozu | mailwise | ≤ 5.0 | Yes |
| Application | cybozu | mailwise | 1.0 | Yes |
| Application | cybozu | mailwise | 2.0 | Yes |
| Application | cybozu | mailwise | 2.1 | Yes |
| Application | cybozu | mailwise | 3.0 | Yes |
| Application | cybozu | mailwise | 3.0\(0.2\) | Yes |