CVE-2013-3656

Cybozu Office < 9.1.0 - Authentication Bypass

Title source: rule

Description

Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL.

References (4)

[Vendor Advisory] http://products.cybozu.co.jp/office/ver9/download/update/fix910.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/85894

[Third Party Advisory] http://jvn.jp/en/jp/JVN19491840/index.html

[Third Party Advisory] http://jvndb.jvn.jp/jvndb/JVNDB-2013-000069

Scores

EPSS 0.0026

EPSS Percentile 48.8%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

cybozu/cybozu_office < 9.1.0

Timeline

Published Jul 20, 2013

Tracked Since Feb 18, 2026