PT-2014-4405 · Cybozu · Cybozu Remote Service Manager

Published

2014-04-19

Updated

2019-07-16

CVE-2014-1984

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Cybozu Remote Service Manager versions prior to 3.1.1 Cybozu Remote Service Manager version 2.3.0

Description A session fixation issue in the management screen allows remote attackers to hijack web sessions.

Recommendations For version 2.3.0, update to version 3.1.1 or later. For versions 3.x prior to 3.1.1, update to version 3.1.1 or later. As a temporary workaround, consider restricting access to the management screen until a patch is available.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2014-1984

Affected Products

Cybozu Remote Service Manager

PT-2014-4405 · Cybozu · Cybozu Remote Service Manager

CVE-2014-1984

Weakness Enumeration

Related Identifiers

Affected Products

References · 4