A vulnerability has been reported in Cybozu products, which can be exploited by malicious people to conduct cross-site request forgery attacks.
The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to perform actions with the privileges of a target user, who is tricked into visiting a malicious website.
Please see the vendor's advisories for a list of affected products and versions.
Solution: Update to the latest version (see vendor's advisories for details).
Provided and/or discovered by: Reported via JVN.
Original Advisory: Cybozu:
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org