CVE-2016-1151

moderate-risk

Published 2016-02-17

Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users.

Do I need to act?

0.13% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (8)

Office

Affected Vendors

Cybozu

References (6)

Vendor Advisory http://jvn.jp/en/jp/JVN64209269/index.html

Vendor Advisory http://jvndb.jvn.jp/jvndb/JVNDB-2016-000024

Vendor Advisory https://cs.cybozu.co.jp/2016/006111.html

Vendor Advisory http://jvn.jp/en/jp/JVN64209269/index.html

Vendor Advisory http://jvndb.jvn.jp/jvndb/JVNDB-2016-000024

Vendor Advisory https://cs.cybozu.co.jp/2016/006111.html

/ 100

moderate-risk

Severity 30/34 · Critical

Exploitability 1/34 · Minimal

Exposure 14/34 · Moderate