First published: Wed Jan 09 2019
An improper countermeasure against clickjacking attacks in the client certificates management screen was discovered in Cybozu Remote Service 3.0.0 to 3.1.8, which allows remote attackers to trick a user into deleting the registered client certificate.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Cybozu Remote Service Manager | >=3.0.0 <=3.1.8 | |
The vulnerability ID for this vulnerability is CVE-2018-16172.
CVE-2018-16172 has a severity rating of 6.5 (medium).
The affected software for CVE-2018-16172 is Cybozu Remote Service Manager versions 3.0.0 to 3.1.8.
CVE-2018-16172 is an improper countermeasure against clickjacking attacks in the client certificates management screen of Cybozu Remote Service, which allows remote attackers to trick a user into deleting the registered client certificate.
Unfortunately, there is no known fix or patch for CVE-2018-16172 at the moment. It is recommended to follow the suggestions provided by the vendor or refer to the references for more information.