CVE-2014-1984

Published: Apr 19, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Session fixation vulnerability in the management screen in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to hijack web sessions via unspecified vectors.

Affected (2)

Products: Cybozu: Remote Service Manager

Cybozu

1 product

Remote Service Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cybozu Remote Service Manager	Up to 2.3.0
Cybozu Remote Service Manager	From 3.0.0 to 3.1.0

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

http://cs.cybozu.co.jp/information/20130317notice02.php

Source: vultures@jpcert.or.jp

PatchVendor Advisory

http://jvn.jp/en/jp/JVN00058727/index.html

Source: vultures@jpcert.or.jp

Third Party AdvisoryVDB Entry

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000040

Source: vultures@jpcert.or.jp

Third Party AdvisoryVDB Entry

http://cs.cybozu.co.jp/information/20130317notice02.php

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://jvn.jp/en/jp/JVN00058727/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000040

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.