Remote Cookie Exposure in Cybozu Mailwise by Cybozu
CVE-2016-4843

6.5MEDIUM

Key Information:

Vendor: Cybozu
Status: Mailwise
Vendor: CVE Published:; 20 April 2017

🔔 Create Cybozu Vulnerability Alert

What is CVE-2016-4843?

The vulnerability in Cybozu Mailwise prior to version 5.4.0 allows remote attackers to exploit the application to retrieve sensitive cookie information. This can lead to potential unauthorized access to user sessions and sensitive data. It is crucial for users to update to the latest version to mitigate this security risk.

References

http://jvn.jp/en/jp/JVN03052683/index.html

third-party-advisoryx_refsource_JVN

http://www.securityfocus.com/bid/92461

vdb-entryx_refsource_BID

http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000137.html

third-party-advisoryx_refsource_JVNDB

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 20, 2017
Vulnerability Reserved
May 17, 2016

CVE-2016-4843 Data

.