CVE-2021-20795: CSRF
First published: Wed Oct 13 2021(Updated: )
Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to hijack the authentication of administrators and unintended operations may be performed via unspecified vectors.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cybozu Remote Service Manager | =3.1.8 | |
| Cybozu Remote Service Manager | =3.1.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-20795?
CVE-2021-20795 refers to a Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9.
How does CVE-2021-20795 affect Cybozu Remote Service Manager?
CVE-2021-20795 affects Cybozu Remote Service Manager versions 3.1.8 and 3.1.9.
What is the severity of CVE-2021-20795?
The severity of CVE-2021-20795 is high with a CVSS score of 8.8.
How can a remote attacker exploit CVE-2021-20795?
A remote attacker can exploit CVE-2021-20795 to hijack the authentication of administrators and perform unintended operations.
How can I fix the Cross-site request forgery vulnerability in Cybozu Remote Service Manager?
To fix the Cross-site request forgery vulnerability in Cybozu Remote Service Manager, update to a version beyond 3.1.9.
- collector/nvd-index
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- agent/event
- agent/type
- agent/description
- vendor/cybozu
- canonical/cybozu remote service manager
- version/cybozu remote service manager/3.1.8
- version/cybozu remote service manager/3.1.9