{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-12-01T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts, (2) modify user accounts, (3) delete user accounts, or (4) stop the product's service."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-05-15T16:57:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "101936", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/101936"}, {"name": "VU#204950", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/204950"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://atmail.com/changelog/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2013-6028", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts, (2) modify user accounts, (3) delete user accounts, or (4) stop the product's service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "101936", "refsource": "OSVDB", "url": "http://osvdb.org/101936"}, {"name": "VU#204950", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/204950"}, {"name": "http://atmail.com/changelog/", "refsource": "CONFIRM", "url": "http://atmail.com/changelog/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:29:42.886Z"}, "title": "CVE Program Container", "references": [{"name": "101936", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/101936"}, {"name": "VU#204950", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/204950"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://atmail.com/changelog/"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2013-6028", "datePublished": "2014-01-12T15:00:00", "dateReserved": "2013-10-04T00:00:00", "dateUpdated": "2024-08-06T17:29:42.886Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atmail:atmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "880F5995-4E7A-4ABA-93C1-4FA0E40EEC50", "versionEndIncluding": "7.1.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F9DFF09-D9A8-46F7-A466-6C538C591651", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EDDAF9DB-AECC-4406-9E88-C532C4681E0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "30315878-F10A-411B-B21A-A71DA99394C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BEBB7923-9E0D-4D28-AB71-30108F1AFBC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "29BDC334-FB42-4A6B-BB78-3DC99EE11A38", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "EF3C307C-F294-4F67-98D2-E51432A8279C", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "5E98464F-08FB-41E2-9861-96E3E19BAB01", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D5FD44C-29A9-49EF-AB65-75DB4728B3CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7BB6CC5-4545-4879-BCEF-693E5DEB304A", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "A9DFD5C2-ED6A-4213-A3D3-14BA4BCF2323", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "11E4C783-B53A-4636-8156-56217C6AC176", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2AAACF14-FBF7-4790-BCF8-92FA053C7EEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "AAB391F0-67A2-47DD-AE65-870B7012070F", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "18A319B4-8E10-43E4-9DF3-734EA5696D08", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "A33A05DF-1DEC-48F9-981E-317FE147C079", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "BE4C5CC8-10A9-4F9F-B0E7-BB3D6974F388", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.20.4:*:*:*:*:*:*:*", "matchCriteriaId": "B42E88D3-3E8D-4B58-8748-EDA85DD0C922", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.20.5:*:*:*:*:*:*:*", "matchCriteriaId": "AD110D1B-7629-47F8-B543-621FA9FA1873", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.20.6:*:*:*:*:*:*:*", "matchCriteriaId": "70896BB6-9EDB-4A1A-B763-0308C2652023", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "F63E86D1-8F61-451C-B615-B439978CC982", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.20.8:*:*:*:*:*:*:*", "matchCriteriaId": "492471CB-ECC4-45AF-8AE7-35C9EEE55EAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.20.10:*:*:*:*:*:*:*", "matchCriteriaId": "6D79D110-8A61-4499-8276-14A5ED8A1B4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.20.11:*:*:*:*:*:*:*", "matchCriteriaId": "B1EE5626-CC8A-43E9-88BB-6B4A3213B992", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.20.12:*:*:*:*:*:*:*", "matchCriteriaId": "098BCD16-D063-4C22-A6E0-B3E2D734893D", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:6.20.13:*:*:*:*:*:*:*", "matchCriteriaId": "26715955-A6D7-4204-A53B-B8EE68874A4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C1BC949-C0E1-44F5-A589-2BF9FDADDCA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C104C26-C5A3-4FB3-B4C6-8809D30B4D54", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "46402FA8-4E02-499D-A01F-90A4F063E267", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:7.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B04163B8-F351-4B89-84D3-4B901BBC7F7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:7.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4BFF6444-0F90-4737-A782-78D808816A2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:atmail:atmail:7.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "70FAE32B-2858-45E8-88C3-5B28BA7DF482", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts, (2) modify user accounts, (3) delete user accounts, or (4) stop the product's service."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades cross-site request forgery (CSRF) en  Atmail Webmail Server anteriores a 7.2 permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones que (1) a\u00f1aden cuentas de usuarios, (2) modifican cuentas de usuarios, (3) borran cuentas de usuarios o (4) paran el servicio del producto."}], "id": "CVE-2013-6028", "lastModified": "2024-11-21T01:58:38.973", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-01-12T18:34:55.767", "references": [{"source": "cret@cert.org", "url": "http://atmail.com/changelog/"}, {"source": "cret@cert.org", "url": "http://osvdb.org/101936"}, {"source": "cret@cert.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/204950"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://atmail.com/changelog/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/101936"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/204950"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}