PT-2013-5142 · Cybozu · Cybozu Mailwise

Published

2013-08-16

Updated

2013-10-07

CVE-2013-4698

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cybozu Mailwise versions 5.0.4 through 5.0.5

Description The issue allows remote authenticated users to obtain sensitive e-mail content intended for different persons by reading Subject header lines within the user's own mailbox in opportunistic circumstances.

Recommendations For Cybozu Mailwise versions 5.0.4 and 5.0.5, consider restricting access to the mailbox until a patch is available to prevent unauthorized reading of sensitive e-mail content.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2013-4698

Affected Products

Cybozu Mailwise

PT-2013-5142 · Cybozu · Cybozu Mailwise

CVE-2013-4698

Weakness Enumeration

Related Identifiers

Affected Products

References · 5