Session Fixation Vulnerability in Cybozu Remote Service Manager
CVE-2014-1984

Currently unrated

Key Information:

Vendor: Cybozu
Status: Remote Service Manager
Vendor: CVE Published:; 19 April 2014

What is CVE-2014-1984?

The vulnerability in Cybozu Remote Service Manager enables attackers to perform session fixation attacks, allowing unauthorized users to hijack web sessions. This occurs through flaws in the management screen, specifically affecting versions up to 2.3.0 and any 3.x versions prior to 3.1.1. Attackers can exploit this situation using unspecified vectors, posing significant risks to data integrity and user authentication.

References

http://cs.cybozu.co.jp/information/20130317notice02.php

x_refsource_CONFIRM

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000040

third-party-advisoryx_refsource_JVNDB

http://jvn.jp/en/jp/JVN00058727/index.html

third-party-advisoryx_refsource_JVN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 19, 2014
Vulnerability Reserved
Feb 17, 2014

CVE-2014-1984 Data

JSON