CVE-2013-3656
Cybozu Office < 9.1.0 - Unauthenticated Authentication Bypass via Login URL
Title source: llmDescription
Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL.
References (4)
Core 4
Core References
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN19491840/index.html
Vendor Advisory x_refsource_confirm
http://products.cybozu.co.jp/office/ver9/download/update/fix910.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/85894
Third Party Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000069
Scores
EPSS
0.0026
EPSS Percentile
49.0%
Details
CWE
CWE-287
Status
published
Products (1)
cybozu/cybozu_office
< 9.1.0
Published
Jul 20, 2013
Tracked Since
Feb 18, 2026