All the vulnerabilites related to Cybozu, Inc. - Cybozu Dezie
cve-2018-0705
Vulnerability from cvelistv5
Published
2019-01-09 22:00
Modified
2024-08-05 03:35
Severity
Summary
Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN16697622/index.html | third-party-advisory, x_refsource_JVN |
| https://kb.cybozu.support/article/34089/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Dezie |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:48.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#16697622",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN16697622/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/34089/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Dezie",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "8.0.2 to 8.1.2"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#16697622",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN16697622/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/34089/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Dezie",
"version": {
"version_data": [
{
"version_value": "8.0.2 to 8.1.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#16697622",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN16697622/index.html"
},
{
"name": "https://kb.cybozu.support/article/34089/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/34089/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0705",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:35:48.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7833
Vulnerability from cvelistv5
Published
2017-06-09 16:00
Modified
2024-08-06 02:04
Severity
Summary
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN16781735/index.html | third-party-advisory, x_refsource_JVN |
| http://www.securityfocus.com/bid/94831 | vdb-entry, x_refsource_BID |
| https://support.cybozu.com/ja-jp/article/9741 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Dezie |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#16781735",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN16781735/index.html"
},
{
"name": "94831",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94831"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9741"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Dezie",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "8.0.0 to 8.1.1"
}
]
}
],
"datePublic": "2016-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#16781735",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN16781735/index.html"
},
{
"name": "94831",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94831"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9741"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Dezie",
"version": {
"version_data": [
{
"version_value": "8.0.0 to 8.1.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#16781735",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN16781735/index.html"
},
{
"name": "94831",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94831"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9741",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9741"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7833",
"datePublished": "2017-06-09T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T02:04:56.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7832
Vulnerability from cvelistv5
Published
2017-06-09 16:00
Modified
2024-08-06 02:04
Severity
Summary
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/9742 | x_refsource_CONFIRM |
| https://jvn.jp/en/jp/JVN16781735/index.html | third-party-advisory, x_refsource_JVN |
| http://www.securityfocus.com/bid/94831 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Dezie |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9742"
},
{
"name": "JVN#16781735",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN16781735/index.html"
},
{
"name": "94831",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94831"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Dezie",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "8.0.0 to 8.1.1"
}
]
}
],
"datePublic": "2016-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9742"
},
{
"name": "JVN#16781735",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN16781735/index.html"
},
{
"name": "94831",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94831"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Dezie",
"version": {
"version_data": [
{
"version_value": "8.0.0 to 8.1.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9742",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9742"
},
{
"name": "JVN#16781735",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN16781735/index.html"
},
{
"name": "94831",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94831"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7832",
"datePublished": "2017-06-09T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T02:04:56.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2008-000033
Vulnerability from jvndb
Published
2008-07-08 12:14
Modified
2008-07-08 12:14
Summary
Multiple Cybozu products vulnerable to cross-site request forgery
Details
Multiple Cybozu products contain a cross-site request forgery vulnerability.
Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000033.html",
"dc:date": "2008-07-08T12:14+09:00",
"dcterms:issued": "2008-07-08T12:14+09:00",
"dcterms:modified": "2008-07-08T12:14+09:00",
"description": "Multiple Cybozu products contain a cross-site request forgery vulnerability.\r\n\r\nDaiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000033.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:dezie",
"@product": "Cybozu Dezie",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000033",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN18405927/index.html",
"@id": "JVN#18405927",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6744",
"@id": "CVE-2008-6744",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6744",
"@id": "CVE-2008-6744",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/30882",
"@id": "SA30882",
"@source": "SECUNIA"
},
{
"#text": "http://osvdb.org/46575",
"@id": "46575",
"@source": "OSVDB"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000033.html",
"@id": "JVNDB-2008-000033",
"@source": "JVNDB_Ja"
}
],
"title": "Multiple Cybozu products vulnerable to cross-site request forgery"
}
jvndb-2016-000243
Vulnerability from jvndb
Published
2016-12-12 14:49
Modified
2017-11-27 17:12
Severity
Summary
Access restriction bypass to download DBM files in Cybozu Dezie
Details
Cybozu Dezie provided by Cybozu,Inc. contains an access restriction bypass vulnerability to download DBM (Cybozu Dezie proprietary format) files.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Dezie |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000243.html",
"dc:date": "2017-11-27T17:12+09:00",
"dcterms:issued": "2016-12-12T14:49+09:00",
"dcterms:modified": "2017-11-27T17:12+09:00",
"description": "Cybozu Dezie provided by Cybozu,Inc. contains an access restriction bypass vulnerability to download DBM (Cybozu Dezie proprietary format) files.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000243.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:dezie",
"@product": "Cybozu Dezie",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000243",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN16781735/index.html",
"@id": "JVN#16781735",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7832",
"@id": "CVE-2016-7832",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7832",
"@id": "CVE-2016-7832",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Access restriction bypass to download DBM files in Cybozu Dezie"
}
jvndb-2013-000034
Vulnerability from jvndb
Published
2013-04-15 17:08
Modified
2013-06-25 18:36
Summary
Multiple Cybozu products vulnerable to cross-site request forgery
Details
Multiple Cybozu products contain a cross-site request forgery vulnerability.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN06251813/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2305 |
| NVD | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2305 |
| Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000034.html",
"dc:date": "2013-06-25T18:36+09:00",
"dcterms:issued": "2013-04-15T17:08+09:00",
"dcterms:modified": "2013-06-25T18:36+09:00",
"description": "Multiple Cybozu products contain a cross-site request forgery vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000034.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:dezie",
"@product": "Cybozu Dezie",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:mailwise",
"@product": "Cybozu Mailwise",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000034",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN06251813/index.html",
"@id": "JVN#06251813",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2305",
"@id": "CVE-2013-2305",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2305",
"@id": "CVE-2013-2305",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Multiple Cybozu products vulnerable to cross-site request forgery"
}
jvndb-2009-000067
Vulnerability from jvndb
Published
2009-10-15 15:21
Modified
2009-10-15 15:21
Summary
Multiple Cybozu products vulnerable to cross-site scripting
Details
Multiple Cybozu products are vulnerable to cross-site scripting.
Multiple products (groupware etc.) provided by Cybozu, Inc. contain a cross-site scripting vulnerablility.
This vulnerability is different from JVN#50342989, and JVN#90712589.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN23108985/index.html |
| SECUNIA | http://secunia.com/advisories/37011/ |
| BID | http://www.securityfocus.com/bid/36704 |
| VUPEN | http://www.vupen.com/english/advisories/2009/2918 |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000067.html",
"dc:date": "2009-10-15T15:21+09:00",
"dcterms:issued": "2009-10-15T15:21+09:00",
"dcterms:modified": "2009-10-15T15:21+09:00",
"description": "Multiple Cybozu products are vulnerable to cross-site scripting.\r\n\r\nMultiple products (groupware etc.) provided by Cybozu, Inc. contain a cross-site scripting vulnerablility.\r\n\r\nThis vulnerability is different from JVN#50342989, and JVN#90712589.\r\n\r\nTakeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000067.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:dezie",
"@product": "Cybozu Dezie",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:mailwise",
"@product": "Cybozu Mailwise",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000067",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN23108985/index.html",
"@id": "JVN#23108985",
"@source": "JVN"
},
{
"#text": "http://secunia.com/advisories/37011/",
"@id": "SA37011",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/36704",
"@id": "36704",
"@source": "BID"
},
{
"#text": "http://www.vupen.com/english/advisories/2009/2918",
"@id": "VUPEN/ADV-2009-2918",
"@source": "VUPEN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple Cybozu products vulnerable to cross-site scripting"
}
jvndb-2011-000046
Vulnerability from jvndb
Published
2011-06-24 19:21
Modified
2011-06-24 19:21
Summary
Multiple Cybozu products vulnerable to cross-site scripting
Details
Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability.
Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the mail system.
Sen UENO of Tricorder Co. Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000046.html",
"dc:date": "2011-06-24T19:21+09:00",
"dcterms:issued": "2011-06-24T19:21+09:00",
"dcterms:modified": "2011-06-24T19:21+09:00",
"description": "Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability.\r\n\r\nMultiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the mail system.\r\n\r\nSen UENO of Tricorder Co. Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000046.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:collaborex",
"@product": "Cybozu Collaborex",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:dezie",
"@product": "Cybozu Dezie",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:mailwise",
"@product": "Cybozu Mailwise",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000046",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN54074460",
"@id": "JVN#54074460",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1334",
"@id": "CVE-2011-1334",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1334",
"@id": "CVE-2011-1334",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple Cybozu products vulnerable to cross-site scripting"
}
jvndb-2016-000244
Vulnerability from jvndb
Published
2016-12-12 14:49
Modified
2017-11-27 17:12
Severity
Summary
Access restriction bypass to delete DBM files in Cybozu Dezie
Details
Cybozu Dezie provided by Cybozu,Inc. contains an access restriction bypass vulnerability to delete DBM (Cybozu Dezie proprietary format) files.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Dezie |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000244.html",
"dc:date": "2017-11-27T17:12+09:00",
"dcterms:issued": "2016-12-12T14:49+09:00",
"dcterms:modified": "2017-11-27T17:12+09:00",
"description": "Cybozu Dezie provided by Cybozu,Inc. contains an access restriction bypass vulnerability to delete DBM (Cybozu Dezie proprietary format) files.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000244.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:dezie",
"@product": "Cybozu Dezie",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000244",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN16781735/index.html",
"@id": "JVN#16781735",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7833",
"@id": "CVE-2016-7833",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7833",
"@id": "CVE-2016-7833",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Access restriction bypass to delete DBM files in Cybozu Dezie"
}
jvndb-2018-000121
Vulnerability from jvndb
Published
2018-11-14 15:42
Modified
2019-08-27 12:25
Severity
Summary
Cybozu Dezie vulnerable to directory traversal
Details
Cybozu Dezie provided by Cybozu, Inc. contains a directory traversal vulnerability (CWE-22) due to a flaw in processing parameter of the HTTP request.
Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Dezie |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000121.html",
"dc:date": "2019-08-27T12:25+09:00",
"dcterms:issued": "2018-11-14T15:42+09:00",
"dcterms:modified": "2019-08-27T12:25+09:00",
"description": "Cybozu Dezie provided by Cybozu, Inc. contains a directory traversal vulnerability (CWE-22) due to a flaw in processing parameter of the HTTP request.\r\n\r\nYuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000121.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:dezie",
"@product": "Cybozu Dezie",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"@version": "2.0"
},
{
"@score": "8.6",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000121",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN16697622/index.html",
"@id": "JVN#16697622",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0705",
"@id": "CVE-2018-0705",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0705",
"@id": "CVE-2018-0705",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "Cybozu Dezie vulnerable to directory traversal"
}
jvndb-2014-000130
Vulnerability from jvndb
Published
2014-11-11 13:36
Modified
2014-11-25 17:52
Summary
Multiple Cybozu products vulnerable to buffer overflow
Details
Multiple products provided by Cybozu, Inc. contain a buffer overflow vulnerability (CWE-119).
Masaaki Chida of GREE, Inc. reported this vulnerability to the developer.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000130.html",
"dc:date": "2014-11-25T17:52+09:00",
"dcterms:issued": "2014-11-11T13:36+09:00",
"dcterms:modified": "2014-11-25T17:52+09:00",
"description": "Multiple products provided by Cybozu, Inc. contain a buffer overflow vulnerability (CWE-119).\r\n\r\nMasaaki Chida of GREE, Inc. reported this vulnerability to the developer.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000130.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:dezie",
"@product": "Cybozu Dezie",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:mailwise",
"@product": "Cybozu Mailwise",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.0",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000130",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN14691234/index.html",
"@id": "JVN#14691234",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5314",
"@id": "CVE-2014-5314",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5314",
"@id": "CVE-2014-5314",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/ciadr/vul/20141111-jvn.html",
"@id": "Security Alert for Multiple Cybozu products vulnerable to buffer overflow (JVN#14691234)",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Multiple Cybozu products vulnerable to buffer overflow"
}
jvndb-2013-000118
Vulnerability from jvndb
Published
2013-12-10 14:13
Modified
2013-12-18 14:51
Summary
Cybozu Dezie vulnerable to cross-site scripting
Details
Cybozu Dezie provided by Cybozu, Inc. contains a cross-site scripting vulnerability.
Ken Asai reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Dezie |
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000118.html",
"dc:date": "2013-12-18T14:51+09:00",
"dcterms:issued": "2013-12-10T14:13+09:00",
"dcterms:modified": "2013-12-18T14:51+09:00",
"description": "Cybozu Dezie provided by Cybozu, Inc. contains a cross-site scripting vulnerability.\r\n\r\nKen Asai reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000118.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:dezie",
"@product": "Cybozu Dezie",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000118",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN21336955/index.html",
"@id": "JVN#21336955",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6005",
"@id": "CVE-2013-6005",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6005",
"@id": "CVE-2013-6005",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cybozu Dezie vulnerable to cross-site scripting"
}