Published:2013/08/13 Last Updated:2013/08/13
JVN#21103639
Cybozu Mailwise vulnerable to information disclosure
Overview
Cybozu Mailwise contains an information disclosure vulnerability.
Products Affected
- Cybozu Mailwise 5.0.4 and 5.0.5
Description
Cybozu Mailwise contains a vulnerability that may display contents of another email in the subject field.
Impact
Contents of an email may be obtained by a user that does not have privileges to access that original email.
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Cybozu, Inc. | vulnerable | 2013/08/13 | Cybozu, Inc. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2013.08.13
| Measures | Conditions | Severity |
|---|---|---|
| Access Required | can be attacked over the Internet using packets |
|
| Authentication | login caused to be created by an administrator |
|
| User Interaction Required | the vulnerability can be exploited without an honest user taking any action |
|
| Exploit Complexity | expertise and/or luck required (guessing correctly in medium-sized space, kernel expertise) |
|
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2013-4698 |
| JVN iPedia |
JVNDB-2013-000077 |