Vulnerability Details : CVE-2013-4698
Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users to obtain sensitive e-mail content intended for different persons in opportunistic circumstances by reading Subject header lines within the user's own mailbox.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2013-4698
Probability of exploitation activity in the next 30 days: 0.15%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 50 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-4698
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
3.5
|
LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N |
6.8
|
2.9
|
NIST |
CWE ids for CVE-2013-4698
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4698
-
http://jvn.jp/en/jp/JVN21103639/374951/index.html
Japan Vulnerability Notes/Information from Cybozu, Inc.
-
http://cs.cybozu.co.jp/information/20130812up02.php
受信したメールの件名に別の受信メールの内容が入る場合がある【CY13-008-001】(2013/08/12) | サイボウズからのお知らせVendor Advisory
-
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000077
JVNDB-2013-000077 - JVN iPedia - 脆弱性対策情報データベース
-
http://jvn.jp/en/jp/JVN21103639/index.html
JVN#21103639: Cybozu Mailwise vulnerable to information disclosure
Products affected by CVE-2013-4698
- cpe:2.3:a:cybozu:mailwise:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:cybozu:mailwise:5.0.4:*:*:*:*:*:*:*