Lucene search

[email protected]CVE-2016-4868

HistoryApr 17, 2017 - 3:59 p.m.

CVE-2016-4868

2017-04-1715:59:00

CWE-20

[email protected]

web.nvd.nist.gov

cybozu office

email header injection

vulnerability

remote attackers

cve-2016-4868

nvd

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

55.4%

JSON

Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.

Affected configurations

NVD

Node

cybozuofficeMatch9.0

cybozuofficeMatch9.1.0

cybozuofficeMatch9.2.0

cybozuofficeMatch9.2.1

cybozuofficeMatch9.3.0

cybozuofficeMatch9.3.1

cybozuofficeMatch9.3.2

cybozuofficeMatch9.9.0

cybozuofficeMatch10.0.0

cybozuofficeMatch10.0.1

cybozuofficeMatch10.0.2

cybozuofficeMatch10.1.0

cybozuofficeMatch10.1.2

cybozuofficeMatch10.2.0

cybozuofficeMatch10.3.0

cybozuofficeMatch10.4.0

CPENameOperatorVersion
cybozu:officecybozu officeeq9.0
cybozu:officecybozu officeeq9.1.0
cybozu:officecybozu officeeq9.2.0
cybozu:officecybozu officeeq9.2.1
cybozu:officecybozu officeeq9.3.0
cybozu:officecybozu officeeq9.3.1
cybozu:officecybozu officeeq9.3.2
cybozu:officecybozu officeeq9.9.0
cybozu:officecybozu officeeq10.0.0
cybozu:officecybozu officeeq10.0.1

CPE	Name	Operator	Version
cybozu:office	cybozu office	eq	9.0
cybozu:office	cybozu office	eq	9.1.0
cybozu:office	cybozu office	eq	9.2.0
cybozu:office	cybozu office	eq	9.2.1
cybozu:office	cybozu office	eq	9.3.0
cybozu:office	cybozu office	eq	9.3.1
cybozu:office	cybozu office	eq	9.3.2
cybozu:office	cybozu office	eq	9.9.0
cybozu:office	cybozu office	eq	10.0.0
cybozu:office	cybozu office	eq	10.0.1

Rows per page:

1-10 of 161

References

jvn.jp/en/jp/JVN08736331/index.html

jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html

www.securityfocus.com/bid/97713

support.cybozu.com/ja-jp/article/9433

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

55.4%

JSON

Related for CVE-2016-4868

jvn1 cvelist1 prion1 nvd1