All the vulnerabilites related to Cybozu, Inc. - Cybozu Office
cve-2021-20630
Vulnerability from cvelistv5
Published
2021-03-18 00:56
Modified
2024-08-03 17:45
Severity
Summary
Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN45797538/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36872/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36872/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T00:56:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36872/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.4"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN45797538/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"name": "https://kb.cybozu.support/article/36872/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36872/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20630",
"datePublished": "2021-03-18T00:56:00",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:44.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6022
Vulnerability from cvelistv5
Published
2019-12-26 15:16
Modified
2024-08-04 20:16
Severity
Summary
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function.
References
| URL | Tags |
|---|---|
| https://kb.cybozu.support/article/36124 | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN79854355/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36124"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN79854355/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the \u0027Customapp\u0027 function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-26T15:16:50",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36124"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN79854355/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-6022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the \u0027Customapp\u0027 function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cybozu.support/article/36124",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36124"
},
{
"name": "http://jvn.jp/en/jp/JVN79854355/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN79854355/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-6022",
"datePublished": "2019-12-26T15:16:50",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:16:24.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2116
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity
Summary
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN17535578/index.html | third-party-advisory, x_refsource_JVN |
| http://www.securityfocus.com/bid/97717 | vdb-entry, x_refsource_BID |
| https://support.cybozu.com/ja-jp/article/9736 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#17535578",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN17535578/index.html"
},
{
"name": "97717",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97717"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9736"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.5.0"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete \"customapp\" templates via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#17535578",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN17535578/index.html"
},
{
"name": "97717",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97717"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.cybozu.com/ja-jp/article/9736"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.5.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete \"customapp\" templates via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#17535578",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN17535578/index.html"
},
{
"name": "97717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97717"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9736",
"refsource": "MISC",
"url": "https://support.cybozu.com/ja-jp/article/9736"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2116",
"datePublished": "2017-04-28T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:39:32.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32544
Vulnerability from cvelistv5
Published
2022-08-18 07:13
Modified
2024-08-03 07:46
Severity
Summary
Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:44.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T07:13:36",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-32544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007584.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"name": "https://jvn.jp/en/jp/JVN20573662/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-32544",
"datePublished": "2022-08-18T07:13:37",
"dateReserved": "2022-06-17T00:00:00",
"dateUpdated": "2024-08-03T07:46:44.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32453
Vulnerability from cvelistv5
Published
2022-08-18 07:13
Modified
2024-08-03 07:39
Severity
Summary
HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:51.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "HTTP header injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T07:13:13",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-32453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP header injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007584.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"name": "https://jvn.jp/en/jp/JVN20573662/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-32453",
"datePublished": "2022-08-18T07:13:13",
"dateReserved": "2022-06-17T00:00:00",
"dateUpdated": "2024-08-03T07:39:51.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20631
Vulnerability from cvelistv5
Published
2021-03-18 00:56
Modified
2024-08-03 17:45
Severity
Summary
Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN45797538/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36871/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36871/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T00:56:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36871/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.4"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN45797538/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"name": "https://kb.cybozu.support/article/36871/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36871/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20631",
"datePublished": "2021-03-18T00:56:01",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:44.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39817
Vulnerability from cvelistv5
Published
2024-08-06 04:54
Modified
2024-08-08 15:43
Severity
Summary
Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T15:43:38.523183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T15:43:52.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting \u0027search\u0027 under certain conditions in Custom App."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:50.932Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN29845579/"
},
{
"url": "https://kb.cybozu.support/?product=office\u0026v=\u0026fv=10.8.7\u0026t=%E8%84%86%E5%BC%B1%E6%80%A7\u0026s="
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-39817",
"datePublished": "2024-08-06T04:54:50.932Z",
"dateReserved": "2024-07-26T04:55:12.517Z",
"dateUpdated": "2024-08-08T15:43:52.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20633
Vulnerability from cvelistv5
Published
2021-03-18 00:56
Modified
2024-08-03 17:45
Severity
Summary
Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN45797538/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36869/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36869/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T00:56:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36869/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.4"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN45797538/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"name": "https://kb.cybozu.support/article/36869/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36869/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20633",
"datePublished": "2021-03-18T00:56:02",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:45.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29891
Vulnerability from cvelistv5
Published
2022-08-18 07:11
Modified
2024-08-03 06:33
Severity
Summary
Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T07:11:37",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007584.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"name": "https://jvn.jp/en/jp/JVN20573662/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29891",
"datePublished": "2022-08-18T07:11:37",
"dateReserved": "2022-06-17T00:00:00",
"dateUpdated": "2024-08-03T06:33:43.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20627
Vulnerability from cvelistv5
Published
2021-03-18 00:55
Modified
2024-08-03 17:45
Severity
Summary
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN45797538/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36873/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36873/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T00:55:58",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36873/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.4"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN45797538/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"name": "https://kb.cybozu.support/article/36873/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36873/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20627",
"datePublished": "2021-03-18T00:55:58",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:45.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30693
Vulnerability from cvelistv5
Published
2022-08-18 07:12
Modified
2024-08-03 06:56
Severity
Summary
Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T07:12:25",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-30693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007584.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"name": "https://jvn.jp/en/jp/JVN20573662/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-30693",
"datePublished": "2022-08-18T07:12:25",
"dateReserved": "2022-06-17T00:00:00",
"dateUpdated": "2024-08-03T06:56:13.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0567
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity
Summary
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN51737843/index.html | third-party-advisory, x_refsource_JVN |
| https://support.cybozu.com/ja-jp/article/10198 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#51737843",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/10198"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.0"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#51737843",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/10198"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#51737843",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/10198",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/10198"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0567",
"datePublished": "2018-06-26T14:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20634
Vulnerability from cvelistv5
Published
2021-03-18 00:56
Modified
2024-08-03 17:45
Severity
Summary
Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN45797538/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36865/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36865/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T00:56:03",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36865/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.4"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN45797538/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"name": "https://kb.cybozu.support/article/36865/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36865/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20634",
"datePublished": "2021-03-18T00:56:03",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:45.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0704
Vulnerability from cvelistv5
Published
2019-01-09 22:00
Modified
2024-08-05 03:35
Severity
Summary
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN15232217/index.html | third-party-advisory, x_refsource_JVN |
| https://kb.cybozu.support/article/34091/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:48.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#15232217",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN15232217/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/34091/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.1"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#15232217",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN15232217/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/34091/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#15232217",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN15232217/index.html"
},
{
"name": "https://kb.cybozu.support/article/34091/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/34091/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0704",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:35:48.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6023
Vulnerability from cvelistv5
Published
2019-12-26 15:16
Modified
2024-08-04 20:16
Severity
Summary
Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN79854355/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36130 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN79854355/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36130"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application \u0027Address\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-26T15:16:50",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN79854355/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36130"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-6023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application \u0027Address\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN79854355/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN79854355/index.html"
},
{
"name": "https://kb.cybozu.support/article/36130",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36130"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-6023",
"datePublished": "2019-12-26T15:16:50",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:16:24.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20628
Vulnerability from cvelistv5
Published
2021-03-18 00:55
Modified
2024-08-03 17:45
Severity
Summary
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN45797538/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36868/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36868/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T00:55:59",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36868/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.4"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN45797538/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"name": "https://kb.cybozu.support/article/36868/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36868/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20628",
"datePublished": "2021-03-18T00:55:59",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:45.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0528
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity
Summary
Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/9812 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN51737843/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9812"
},
{
"name": "JVN#51737843",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.7.0"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9812"
},
{
"name": "JVN#51737843",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.7.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9812",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9812"
},
{
"name": "JVN#51737843",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0528",
"datePublished": "2018-06-26T14:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0529
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity
Summary
Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/10052 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN51737843/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/10052"
},
{
"name": "JVN#51737843",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.7.0"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/10052"
},
{
"name": "JVN#51737843",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.7.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/10052",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/10052"
},
{
"name": "JVN#51737843",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0529",
"datePublished": "2018-06-26T14:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2115
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity
Summary
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN17535578/index.html | third-party-advisory, x_refsource_JVN |
| https://support.cybozu.com/ja-jp/article/9737 | x_refsource_MISC |
| http://www.securityfocus.com/bid/97717 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#17535578",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN17535578/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9737"
},
{
"name": "97717",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.5.0"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain \"customapp\" information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#17535578",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN17535578/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.cybozu.com/ja-jp/article/9737"
},
{
"name": "97717",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97717"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.5.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain \"customapp\" information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#17535578",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN17535578/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9737",
"refsource": "MISC",
"url": "https://support.cybozu.com/ja-jp/article/9737"
},
{
"name": "97717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97717"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2115",
"datePublished": "2017-04-28T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:39:32.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20624
Vulnerability from cvelistv5
Published
2021-03-18 00:55
Modified
2024-08-03 17:45
Severity
Summary
Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://kb.cybozu.support/article/36866/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN45797538/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.737Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36866/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T00:55:56",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36866/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.4"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cybozu.support/article/36866/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36866/"
},
{
"name": "https://jvn.jp/en/jp/JVN45797538/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20624",
"datePublished": "2021-03-18T00:55:56",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:44.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-33311
Vulnerability from cvelistv5
Published
2022-08-18 07:14
Modified
2024-08-03 08:01
Severity
Summary
Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:01:20.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T07:14:48",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-33311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007584.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"name": "https://jvn.jp/en/jp/JVN20573662/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-33311",
"datePublished": "2022-08-18T07:14:48",
"dateReserved": "2022-06-17T00:00:00",
"dateUpdated": "2024-08-03T08:01:20.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28715
Vulnerability from cvelistv5
Published
2022-08-18 07:10
Modified
2024-08-03 06:03
Severity
Summary
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:52.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T07:10:47",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-28715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007584.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"name": "https://jvn.jp/en/jp/JVN20573662/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-28715",
"datePublished": "2022-08-18T07:10:47",
"dateReserved": "2022-06-17T00:00:00",
"dateUpdated": "2024-08-03T06:03:52.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20625
Vulnerability from cvelistv5
Published
2021-03-18 00:55
Modified
2024-08-03 17:45
Severity
Summary
Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN45797538/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36874/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36874/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T00:55:57",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36874/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.4"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN45797538/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"name": "https://kb.cybozu.support/article/36874/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36874/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20625",
"datePublished": "2021-03-18T00:55:57",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:44.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32283
Vulnerability from cvelistv5
Published
2022-08-18 07:12
Modified
2024-08-03 07:39
Severity
Summary
Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:50.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T07:12:44",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-32283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007584.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"name": "https://jvn.jp/en/jp/JVN20573662/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-32283",
"datePublished": "2022-08-18T07:12:44",
"dateReserved": "2022-06-17T00:00:00",
"dateUpdated": "2024-08-03T07:39:50.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0566
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity
Summary
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/10195 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN51737843/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/10195"
},
{
"name": "JVN#51737843",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.0"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/10195"
},
{
"name": "JVN#51737843",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/10195",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/10195"
},
{
"name": "JVN#51737843",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0566",
"datePublished": "2018-06-26T14:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20629
Vulnerability from cvelistv5
Published
2021-03-18 00:56
Modified
2024-08-03 17:45
Severity
Summary
Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN45797538/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36867/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36867/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T00:55:59",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36867/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.4"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN45797538/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"name": "https://kb.cybozu.support/article/36867/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36867/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20629",
"datePublished": "2021-03-18T00:56:00",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:45.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32583
Vulnerability from cvelistv5
Published
2022-08-18 07:14
Modified
2024-08-03 07:46
Severity
Summary
Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:43.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T07:14:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-32583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007584.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"name": "https://jvn.jp/en/jp/JVN20573662/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-32583",
"datePublished": "2022-08-18T07:14:00",
"dateReserved": "2022-06-17T00:00:00",
"dateUpdated": "2024-08-03T07:46:43.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29487
Vulnerability from cvelistv5
Published
2022-08-18 07:11
Modified
2024-08-03 06:26
Severity
Summary
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:06.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T07:11:14",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007584.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"name": "https://jvn.jp/en/jp/JVN20573662/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29487",
"datePublished": "2022-08-18T07:11:14",
"dateReserved": "2022-06-17T00:00:00",
"dateUpdated": "2024-08-03T06:26:06.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-10857
Vulnerability from cvelistv5
Published
2017-10-12 14:00
Modified
2024-08-05 17:50
Severity
Summary
Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function.
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/9811 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN14658424/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9811"
},
{
"name": "JVN#14658424",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN14658424/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.6.1"
}
]
}
],
"datePublic": "2017-10-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via \"Cabinet\" function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-12T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9811"
},
{
"name": "JVN#14658424",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN14658424/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.6.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via \"Cabinet\" function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9811",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9811"
},
{
"name": "JVN#14658424",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN14658424/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10857",
"datePublished": "2017-10-12T14:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0527
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity
Summary
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/10029 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN51737843/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/10029"
},
{
"name": "JVN#51737843",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.7.0"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/10029"
},
{
"name": "JVN#51737843",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.7.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/10029",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/10029"
},
{
"name": "JVN#51737843",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0527",
"datePublished": "2018-06-26T14:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20626
Vulnerability from cvelistv5
Published
2021-03-18 00:55
Modified
2024-08-03 17:45
Severity
Summary
Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN45797538/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36864/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36864/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T00:55:57",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36864/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.4"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN45797538/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"name": "https://kb.cybozu.support/article/36864/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36864/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20626",
"datePublished": "2021-03-18T00:55:57",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:45.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30604
Vulnerability from cvelistv5
Published
2022-08-18 07:12
Modified
2024-08-03 06:56
Severity
Summary
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:12.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T07:12:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-30604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007584.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"name": "https://jvn.jp/en/jp/JVN20573662/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-30604",
"datePublished": "2022-08-18T07:12:01",
"dateReserved": "2022-06-17T00:00:00",
"dateUpdated": "2024-08-03T06:56:12.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0703
Vulnerability from cvelistv5
Published
2019-01-09 22:00
Modified
2024-08-05 03:35
Severity
Summary
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN15232217/index.html | third-party-advisory, x_refsource_JVN |
| https://kb.cybozu.support/article/34088/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:48.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#15232217",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN15232217/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/34088/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.1"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#15232217",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN15232217/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/34088/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#15232217",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN15232217/index.html"
},
{
"name": "https://kb.cybozu.support/article/34088/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/34088/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0703",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:35:48.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25986
Vulnerability from cvelistv5
Published
2022-08-18 07:10
Modified
2024-08-03 04:56
Severity
Summary
Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:36.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T07:10:27",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-25986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007584.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"name": "https://jvn.jp/en/jp/JVN20573662/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-25986",
"datePublished": "2022-08-18T07:10:27",
"dateReserved": "2022-06-17T00:00:00",
"dateUpdated": "2024-08-03T04:56:36.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0565
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity
Summary
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN51737843/index.html | third-party-advisory, x_refsource_JVN |
| https://support.cybozu.com/ja-jp/article/10200 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#51737843",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/10200"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.0"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#51737843",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/10200"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#51737843",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/10200",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/10200"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0565",
"datePublished": "2018-06-26T14:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2114
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity
Summary
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN17535578/index.html | third-party-advisory, x_refsource_JVN |
| http://www.securityfocus.com/bid/97717 | vdb-entry, x_refsource_BID |
| https://support.cybozu.com/ja-jp/article/9738 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#17535578",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN17535578/index.html"
},
{
"name": "97717",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97717"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9738"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.5.0"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#17535578",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN17535578/index.html"
},
{
"name": "97717",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97717"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.cybozu.com/ja-jp/article/9738"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.5.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#17535578",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN17535578/index.html"
},
{
"name": "97717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97717"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9738",
"refsource": "MISC",
"url": "https://support.cybozu.com/ja-jp/article/9738"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2114",
"datePublished": "2017-04-28T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:39:32.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20632
Vulnerability from cvelistv5
Published
2021-03-18 00:56
Modified
2024-08-03 17:45
Severity
Summary
Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN45797538/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36870/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36870/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T00:56:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36870/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.4"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN45797538/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN45797538/index.html"
},
{
"name": "https://kb.cybozu.support/article/36870/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36870/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20632",
"datePublished": "2021-03-18T00:56:02",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:45.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-33151
Vulnerability from cvelistv5
Published
2022-08-18 07:14
Modified
2024-08-03 08:01
Severity
Summary
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:01:20.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T07:14:24",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-33151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007584.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"name": "https://jvn.jp/en/jp/JVN20573662/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-33151",
"datePublished": "2022-08-18T07:14:25",
"dateReserved": "2022-06-17T00:00:00",
"dateUpdated": "2024-08-03T08:01:20.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2013-000034
Vulnerability from jvndb
Published
2013-04-15 17:08
Modified
2013-06-25 18:36
Summary
Multiple Cybozu products vulnerable to cross-site request forgery
Details
Multiple Cybozu products contain a cross-site request forgery vulnerability.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN06251813/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2305 |
| NVD | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2305 |
| Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000034.html",
"dc:date": "2013-06-25T18:36+09:00",
"dcterms:issued": "2013-04-15T17:08+09:00",
"dcterms:modified": "2013-06-25T18:36+09:00",
"description": "Multiple Cybozu products contain a cross-site request forgery vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000034.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:dezie",
"@product": "Cybozu Dezie",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:mailwise",
"@product": "Cybozu Mailwise",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000034",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN06251813/index.html",
"@id": "JVN#06251813",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2305",
"@id": "CVE-2013-2305",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2305",
"@id": "CVE-2013-2305",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Multiple Cybozu products vulnerable to cross-site request forgery"
}
jvndb-2018-000053
Vulnerability from jvndb
Published
2018-05-22 14:30
Modified
2018-08-30 16:03
Severity
Summary
Multiple vulnerabilities in Cybozu Office
Details
Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
*Information disclosure in the application "Message" when viewing an external image (CWE-200) - CVE-2018-0526
*Stored cross-site scripting in "E-mail Details Screen" of the application "E-mail" (CWE-79) - CVE-2018-0527
*Browse restriction bypass in the application "Scheduler" (CWE-264) - CVE-2018-0528
*Denial-of-service (DoS) in the application "Message" due to a flaw in processing of an attached file (CWE-20) - CVE-2018-0529
*Reflected cross-site scripting in the application "MultiReport" (CWE-79) - CVE-2018-0565
*Browse restriction bypass in the application "Scheduler" (CWE-264) - CVE-2018-0566
*Operation restriction bypass in the application "Bulletin" (CWE-264) - CVE-2018-0567
Jun Kokatsu reported CVE-2018-0526 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
Masato Kinugawa reported CVE-2018-0527 and CVE-2018-0565 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
Cybozu, Inc. reported CVE-2018-0528, CVE-2018-0529 and CVE-2018-0566 vulnerabilities to JPCERT/CC to notify users of respective solutions through JVN.
Yuji Tounai reported CVE-2018-0567 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000053.html",
"dc:date": "2018-08-30T16:03+09:00",
"dcterms:issued": "2018-05-22T14:30+09:00",
"dcterms:modified": "2018-08-30T16:03+09:00",
"description": "Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. \r\n\r\n*Information disclosure in the application \"Message\" when viewing an external image (CWE-200) - CVE-2018-0526\r\n*Stored cross-site scripting in \"E-mail Details Screen\" of the application \"E-mail\" (CWE-79) - CVE-2018-0527\r\n*Browse restriction bypass in the application \"Scheduler\" (CWE-264) - CVE-2018-0528\r\n*Denial-of-service (DoS) in the application \"Message\" due to a flaw in processing of an attached file (CWE-20) - CVE-2018-0529\r\n*Reflected cross-site scripting in the application \"MultiReport\" (CWE-79) - CVE-2018-0565\r\n*Browse restriction bypass in the application \"Scheduler\" (CWE-264) - CVE-2018-0566\t\r\n*Operation restriction bypass in the application \"Bulletin\" (CWE-264) - CVE-2018-0567\r\n\r\nJun Kokatsu reported CVE-2018-0526 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nMasato Kinugawa reported CVE-2018-0527 and CVE-2018-0565 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nCybozu, Inc. reported CVE-2018-0528, CVE-2018-0529 and CVE-2018-0566 vulnerabilities to JPCERT/CC to notify users of respective solutions through JVN.\r\n\r\nYuji Tounai reported CVE-2018-0567 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000053.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000053",
"sec:references": [
{
"#text": "https://jvn.jp/jp/JVN51737843/index.html",
"@id": "JVN#51737843",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0526",
"@id": "CVE-2018-0526",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0527",
"@id": "CVE-2018-0527",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0528",
"@id": "CVE-2018-0528",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0529",
"@id": "CVE-2018-0529",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0565",
"@id": "CVE-2018-0565",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0566",
"@id": "CVE-2018-0566",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0567",
"@id": "CVE-2018-0567",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0565",
"@id": "CVE-2018-0565",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0566",
"@id": "CVE-2018-0566",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0567",
"@id": "CVE-2018-0567",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0526",
"@id": "CVE-2018-0526",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0527",
"@id": "CVE-2018-0527",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0528",
"@id": "CVE-2018-0528",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0529",
"@id": "CVE-2018-0529",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in Cybozu Office"
}
jvndb-2016-000189
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:10
Severity
Summary
"Project" function in Cybozu Office vulnerable vulnerable to operation restriction bypass
Details
Cybozu Office provided by Cybozu,Inc. contains an operation restriction bypass vulnerability in the "Project" function.
Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000189.html",
"dc:date": "2017-04-24T15:10+09:00",
"dcterms:issued": "2016-10-03T15:43+09:00",
"dcterms:modified": "2017-04-24T15:10+09:00",
"description": "Cybozu Office provided by Cybozu,Inc. contains an operation restriction bypass vulnerability in the \"Project\" function.\r\n\r\nYuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000189.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000189",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN07148816/index.html",
"@id": "JVN#07148816",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4873",
"@id": "CVE-2016-4873",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4873",
"@id": "CVE-2016-4873",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "\"Project\" function in Cybozu Office vulnerable vulnerable to operation restriction bypass"
}
jvndb-2017-000225
Vulnerability from jvndb
Published
2017-10-11 14:28
Modified
2018-03-07 12:21
Severity
Summary
Cybozu Office fails to restrict access permissions
Details
Cybozu Office fails to restrict access permissions.
Cybozu Office provided by Cybozu, Inc. fails to restrict access permissions (CWE-284) due to an issue in "Cabinet" function.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000225.html",
"dc:date": "2018-03-07T12:21+09:00",
"dcterms:issued": "2017-10-11T14:28+09:00",
"dcterms:modified": "2018-03-07T12:21+09:00",
"description": "Cybozu Office fails to restrict access permissions.\r\n\r\nCybozu Office provided by Cybozu, Inc. fails to restrict access permissions (CWE-284) due to an issue in \"Cabinet\" function.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000225.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000225",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN14658424/index.html",
"@id": "JVN#14658424",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10857",
"@id": "CVE-2017-10857",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10857",
"@id": "CVE-2017-10857",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Office fails to restrict access permissions"
}
jvndb-2009-000067
Vulnerability from jvndb
Published
2009-10-15 15:21
Modified
2009-10-15 15:21
Summary
Multiple Cybozu products vulnerable to cross-site scripting
Details
Multiple Cybozu products are vulnerable to cross-site scripting.
Multiple products (groupware etc.) provided by Cybozu, Inc. contain a cross-site scripting vulnerablility.
This vulnerability is different from JVN#50342989, and JVN#90712589.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN23108985/index.html |
| SECUNIA | http://secunia.com/advisories/37011/ |
| BID | http://www.securityfocus.com/bid/36704 |
| VUPEN | http://www.vupen.com/english/advisories/2009/2918 |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000067.html",
"dc:date": "2009-10-15T15:21+09:00",
"dcterms:issued": "2009-10-15T15:21+09:00",
"dcterms:modified": "2009-10-15T15:21+09:00",
"description": "Multiple Cybozu products are vulnerable to cross-site scripting.\r\n\r\nMultiple products (groupware etc.) provided by Cybozu, Inc. contain a cross-site scripting vulnerablility.\r\n\r\nThis vulnerability is different from JVN#50342989, and JVN#90712589.\r\n\r\nTakeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000067.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:dezie",
"@product": "Cybozu Dezie",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:mailwise",
"@product": "Cybozu Mailwise",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000067",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN23108985/index.html",
"@id": "JVN#23108985",
"@source": "JVN"
},
{
"#text": "http://secunia.com/advisories/37011/",
"@id": "SA37011",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/36704",
"@id": "36704",
"@source": "BID"
},
{
"#text": "http://www.vupen.com/english/advisories/2009/2918",
"@id": "VUPEN/ADV-2009-2918",
"@source": "VUPEN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple Cybozu products vulnerable to cross-site scripting"
}
jvndb-2022-000054
Vulnerability from jvndb
Published
2022-07-20 17:28
Modified
2024-06-14 14:02
Severity
Summary
Multiple vulnerabilities in Cybozu Office
Details
Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
* [CyVDB-839][CyVDB-2300][CyVDB-3109] Browse restriction bypass vulnerability in Cabinet (CWE-284) - CVE-2022-32283
* [CyVDB-1795] Operation restriction bypass vulnerability in Project (CWE-285) - CVE-2022-32544
* [CyVDB-1800][CyVDB-2798][CyVDB-2927] Browse restriction bypass vulnerability in Custom App (CWE-284) - CVE-2022-29891
* [CyVDB-1849] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-33151
* [CyVDB-1851][CyVDB-1856][CyVDB-1873][CyVDB-1944][CyVDB-2173] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-28715
* [CyVDB-1859] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-30604
* [CyVDB-2030] HTTP header injection vulnerability (CWE-113) - CVE-2022-32453
* [CyVDB-2152][CyVDB-2153][CyVDB-2154][CyVDB-2155] Information disclosure vulnerability in the system configuration (CWE-200) - CVE-2022-30693
* [CyVDB-2693] Operation restriction bypass vulnerability in Scheduler (CWE-285) - CVE-2022-32583
* [CyVDB-2695][CyVDB-2819] Browse restriction bypass vulnerability in Scheduler (CWE-284) - CVE-2022-25986
* [CyVDB-2770] Browse restriction bypass vulnerability in Address Book (CWE-284) - CVE-2022-33311
* [CyVDB-2939] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-29487
CVE-2022-28715, CVE-2022-30604, CVE-2022-32453, CVE-2022-33151
Masato Kinugawa reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.
CVE-2022-29891, CVE-2022-32544, CVE-2022-32583
Yuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.
CVE-2022-30693
Kanta Nishitani of Ierae Security Inc. reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
CVE-2022-29487, CVE-2022-25986, CVE-2022-32283, CVE-2022-33311
Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000054.html",
"dc:date": "2024-06-14T14:02+09:00",
"dcterms:issued": "2022-07-20T17:28+09:00",
"dcterms:modified": "2024-06-14T14:02+09:00",
"description": "Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n\r\n* [CyVDB-839][CyVDB-2300][CyVDB-3109] Browse restriction bypass vulnerability in Cabinet (CWE-284) - CVE-2022-32283\r\n* [CyVDB-1795] Operation restriction bypass vulnerability in Project (CWE-285) - CVE-2022-32544\r\n* [CyVDB-1800][CyVDB-2798][CyVDB-2927] Browse restriction bypass vulnerability in Custom App (CWE-284) - CVE-2022-29891\r\n* [CyVDB-1849] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-33151\r\n* [CyVDB-1851][CyVDB-1856][CyVDB-1873][CyVDB-1944][CyVDB-2173] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-28715\r\n* [CyVDB-1859] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-30604\r\n* [CyVDB-2030] HTTP header injection vulnerability (CWE-113) - CVE-2022-32453\r\n* [CyVDB-2152][CyVDB-2153][CyVDB-2154][CyVDB-2155] Information disclosure vulnerability in the system configuration (CWE-200) - CVE-2022-30693\r\n* [CyVDB-2693] Operation restriction bypass vulnerability in Scheduler (CWE-285) - CVE-2022-32583\r\n* [CyVDB-2695][CyVDB-2819] Browse restriction bypass vulnerability in Scheduler (CWE-284) - CVE-2022-25986\r\n* [CyVDB-2770] Browse restriction bypass vulnerability in Address Book (CWE-284) - CVE-2022-33311\r\n* [CyVDB-2939] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-29487\r\n\r\nCVE-2022-28715, CVE-2022-30604, CVE-2022-32453, CVE-2022-33151\r\nMasato Kinugawa reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2022-29891, CVE-2022-32544, CVE-2022-32583\r\nYuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2022-30693\r\nKanta Nishitani of Ierae Security Inc. reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nCVE-2022-29487, CVE-2022-25986, CVE-2022-32283, CVE-2022-33311\r\nCybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000054.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000054",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN20573662/index.html",
"@id": "JVN#20573662",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25986",
"@id": "CVE-2022-25986",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28715",
"@id": "CVE-2022-28715",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29487",
"@id": "CVE-2022-29487",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29891",
"@id": "CVE-2022-29891",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30604",
"@id": "CVE-2022-30604",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30693",
"@id": "CVE-2022-30693",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32283",
"@id": "CVE-2022-32283",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32453",
"@id": "CVE-2022-32453",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32544",
"@id": "CVE-2022-32544",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32583",
"@id": "CVE-2022-32583",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33151",
"@id": "CVE-2022-33151",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33311",
"@id": "CVE-2022-33311",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-25986",
"@id": "CVE-2022-25986",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-28715",
"@id": "CVE-2022-28715",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29487",
"@id": "CVE-2022-29487",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29891",
"@id": "CVE-2022-29891",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-30604",
"@id": "CVE-2022-30604",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-30693",
"@id": "CVE-2022-30693",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-32283",
"@id": "CVE-2022-32283",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-32453",
"@id": "CVE-2022-32453",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-32544",
"@id": "CVE-2022-32544",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-32583",
"@id": "CVE-2022-32583",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-33151",
"@id": "CVE-2022-33151",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-33311",
"@id": "CVE-2022-33311",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Multiple vulnerabilities in Cybozu Office"
}
jvndb-2006-000650
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Cybozu products vulnerable to directory traversal
Details
Multiple Cybozu products contain a directory traversal vulnerability.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
| Cybozu, Inc. | Cybozu Share360 |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000650.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Multiple Cybozu products contain a directory traversal vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000650.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:share360",
"@product": "Cybozu Share360",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2006-000650",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN90420168/index.html",
"@id": "JVN#90420168",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4490",
"@id": "CVE-2006-4490",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4490",
"@id": "CVE-2006-4490",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/21623",
"@id": "SA21623",
"@source": "SECUNIA"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/28591",
"@id": "28591",
"@source": "XF"
},
{
"#text": "http://securitytracker.com/id?1016759",
"@id": "1016759",
"@source": "SECTRACK"
},
{
"#text": "http://osvdb.org/displayvuln.php?osvdb_id=28261",
"@id": "28261",
"@source": "OSVDB"
},
{
"#text": "http://osvdb.org/displayvuln.php?osvdb_id=28262",
"@id": "28262",
"@source": "OSVDB"
}
],
"title": "Cybozu products vulnerable to directory traversal"
}
jvndb-2017-000063
Vulnerability from jvndb
Published
2017-04-11 16:05
Modified
2017-06-01 11:30
Severity
Summary
The design setting screen in Cybozu Office vulnerable to cross-site scripting
Details
The design setting screen in Cybozu Office contains a cross-site scripting vulnerability.
Kazuto Sagamihara reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN17535578/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2114 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2017-2114 |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000063.html",
"dc:date": "2017-06-01T11:30+09:00",
"dcterms:issued": "2017-04-11T16:05+09:00",
"dcterms:modified": "2017-06-01T11:30+09:00",
"description": "The design setting screen in Cybozu Office contains a cross-site scripting vulnerability.\r\n\r\nKazuto Sagamihara reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000063.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000063",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN17535578/index.html",
"@id": "JVN#17535578",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2114",
"@id": "CVE-2017-2114",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2114",
"@id": "CVE-2017-2114",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "The design setting screen in Cybozu Office vulnerable to cross-site scripting"
}
jvndb-2019-000076
Vulnerability from jvndb
Published
2019-12-17 13:55
Modified
2019-12-17 13:55
Severity
Summary
Multiple vulnerabilities in Cybozu Office
Details
Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
* Directory traversal in the "Customapp" function (CWE-22) - CVE-2019-6022
* Browse restriction bypass in the application "Address" (CWE-284) - CVE-2019-6023
Two vulnerabilities were reported by the following persons to Cybozu, Inc. directly, and Cybozu Inc. reported the vulnerabilities to JPCERT/CC to notify users of the solution through JVN.
CVE-2019-6022 by Shoji Baba
CVE-2019-6023 by Tanghaifeng
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000076.html",
"dc:date": "2019-12-17T13:55+09:00",
"dcterms:issued": "2019-12-17T13:55+09:00",
"dcterms:modified": "2019-12-17T13:55+09:00",
"description": "Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. \r\n* Directory traversal in the \"Customapp\" function (CWE-22) - CVE-2019-6022 \r\n\r\n* Browse restriction bypass in the application \"Address\" (CWE-284) - CVE-2019-6023 \r\n\r\nTwo vulnerabilities were reported by the following persons to Cybozu, Inc. directly, and Cybozu Inc. reported the vulnerabilities to JPCERT/CC to notify users of the solution through JVN.\r\n\r\n CVE-2019-6022 by Shoji Baba\r\n CVE-2019-6023 by Tanghaifeng",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000076.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "7.7",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000076",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN79854355/index.html",
"@id": "JVN#79854355",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6022",
"@id": "CVE-2019-6022",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6023",
"@id": "CVE-2019-6023",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6022",
"@id": "CVE-2019-6022",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6023",
"@id": "CVE-2019-6023",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Multiple vulnerabilities in Cybozu Office"
}
jvndb-2016-000192
Vulnerability from jvndb
Published
2016-10-03 15:46
Modified
2017-04-24 15:10
Severity
Summary
Cybozu Office vulnerable to denial-of-service (DoS)
Details
Cybozu Office contains a denial-of-service (DoS) vulnerability.
Shuichi Uruma reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN10092452/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4871 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4871 |
| Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000192.html",
"dc:date": "2017-04-24T15:10+09:00",
"dcterms:issued": "2016-10-03T15:46+09:00",
"dcterms:modified": "2017-04-24T15:10+09:00",
"description": "Cybozu Office contains a denial-of-service (DoS) vulnerability.\r\n\r\nShuichi Uruma reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000192.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"@version": "2.0"
},
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000192",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN10092452/index.html",
"@id": "JVN#10092452",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4871",
"@id": "CVE-2016-4871",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4871",
"@id": "CVE-2016-4871",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Cybozu Office vulnerable to denial-of-service (DoS)"
}
jvndb-2011-000046
Vulnerability from jvndb
Published
2011-06-24 19:21
Modified
2011-06-24 19:21
Summary
Multiple Cybozu products vulnerable to cross-site scripting
Details
Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability.
Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the mail system.
Sen UENO of Tricorder Co. Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000046.html",
"dc:date": "2011-06-24T19:21+09:00",
"dcterms:issued": "2011-06-24T19:21+09:00",
"dcterms:modified": "2011-06-24T19:21+09:00",
"description": "Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability.\r\n\r\nMultiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the mail system.\r\n\r\nSen UENO of Tricorder Co. Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000046.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:collaborex",
"@product": "Cybozu Collaborex",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:dezie",
"@product": "Cybozu Dezie",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:mailwise",
"@product": "Cybozu Mailwise",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000046",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN54074460",
"@id": "JVN#54074460",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1334",
"@id": "CVE-2011-1334",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1334",
"@id": "CVE-2011-1334",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple Cybozu products vulnerable to cross-site scripting"
}
jvndb-2013-000069
Vulnerability from jvndb
Published
2013-07-16 12:27
Modified
2013-07-23 19:09
Summary
Cybozu Office session management vulnerability
Details
Cybozu Office is a groupware. Cybozu Office contains a vulnerability in session management.
Ooi Keita reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN19491840/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3656 |
| NVD | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3656 |
| Improper Authentication(CWE-287) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000069.html",
"dc:date": "2013-07-23T19:09+09:00",
"dcterms:issued": "2013-07-16T12:27+09:00",
"dcterms:modified": "2013-07-23T19:09+09:00",
"description": "Cybozu Office is a groupware. Cybozu Office contains a vulnerability in session management.\r\n\r\nOoi Keita reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000069.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000069",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN19491840/index.html",
"@id": "JVN#19491840",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3656",
"@id": "CVE-2013-3656",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3656",
"@id": "CVE-2013-3656",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
}
],
"title": "Cybozu Office session management vulnerability"
}
jvndb-2017-000065
Vulnerability from jvndb
Published
2017-04-11 16:05
Modified
2017-06-01 12:18
Severity
Summary
Cybozu Office fails to restrict access permission in the templates delete function in "customapp"
Details
Cybozu Office contains an access restriction flaw in the templates delete function in "customapp".
Cybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000065.html",
"dc:date": "2017-06-01T12:18+09:00",
"dcterms:issued": "2017-04-11T16:05+09:00",
"dcterms:modified": "2017-06-01T12:18+09:00",
"description": "Cybozu Office contains an access restriction flaw in the templates delete function in \"customapp\".\r\n\r\nCybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000065.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000065",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN17535578/index.html",
"@id": "JVN#17535578",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2116",
"@id": "CVE-2017-2116",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2116",
"@id": "CVE-2017-2116",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Office fails to restrict access permission in the templates delete function in \"customapp\""
}
jvndb-2016-000026
Vulnerability from jvndb
Published
2016-02-15 16:21
Modified
2016-06-06 15:00
Severity
Summary
Cybozu Office vulnerable to cross-site scripting
Details
Cybozu Office contains a cross-site scripting vulnerability (CWE-79) in multiple functions.
Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000026.html",
"dc:date": "2016-06-06T15:00+09:00",
"dcterms:issued": "2016-02-15T16:21+09:00",
"dcterms:modified": "2016-06-06T15:00+09:00",
"description": "Cybozu Office contains a cross-site scripting vulnerability (CWE-79) in multiple functions.\r\n\r\nMasato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000026.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000026",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN69278491/index.html",
"@id": "JVN#69278491",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7795",
"@id": "CVE-2015-7795",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7796",
"@id": "CVE-2015-7796",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7797",
"@id": "CVE-2015-7797",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7798",
"@id": "CVE-2015-7798",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1149",
"@id": "CVE-2016-1149",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1150",
"@id": "CVE-2016-1150",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7795",
"@id": "CVE-2015-7795",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7796",
"@id": "CVE-2015-7796",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7797",
"@id": "CVE-2015-7797",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7798",
"@id": "CVE-2015-7798",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1149",
"@id": "CVE-2016-1149",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1150",
"@id": "CVE-2016-1150",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cybozu Office vulnerable to cross-site scripting"
}
jvndb-2016-000184
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:05
Severity
Summary
"Customapp" function in Cybozu Office vulnerable to cross-site scripting
Details
Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN06726266/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4865 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4865 |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html",
"dc:date": "2017-04-24T15:05+09:00",
"dcterms:issued": "2016-10-03T15:43+09:00",
"dcterms:modified": "2017-04-24T15:05+09:00",
"description": "Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000184",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN06726266/index.html",
"@id": "JVN#06726266",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4865",
"@id": "CVE-2016-4865",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4865",
"@id": "CVE-2016-4865",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "\"Customapp\" function in Cybozu Office vulnerable to cross-site scripting"
}
jvndb-2008-000033
Vulnerability from jvndb
Published
2008-07-08 12:14
Modified
2008-07-08 12:14
Summary
Multiple Cybozu products vulnerable to cross-site request forgery
Details
Multiple Cybozu products contain a cross-site request forgery vulnerability.
Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000033.html",
"dc:date": "2008-07-08T12:14+09:00",
"dcterms:issued": "2008-07-08T12:14+09:00",
"dcterms:modified": "2008-07-08T12:14+09:00",
"description": "Multiple Cybozu products contain a cross-site request forgery vulnerability.\r\n\r\nDaiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000033.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:dezie",
"@product": "Cybozu Dezie",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000033",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN18405927/index.html",
"@id": "JVN#18405927",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6744",
"@id": "CVE-2008-6744",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6744",
"@id": "CVE-2008-6744",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/30882",
"@id": "SA30882",
"@source": "SECUNIA"
},
{
"#text": "http://osvdb.org/46575",
"@id": "46575",
"@source": "OSVDB"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000033.html",
"@id": "JVNDB-2008-000033",
"@source": "JVNDB_Ja"
}
],
"title": "Multiple Cybozu products vulnerable to cross-site request forgery"
}
jvndb-2017-000066
Vulnerability from jvndb
Published
2017-04-11 16:05
Modified
2017-04-11 16:05
Severity
Summary
The API in Cybozu Office vulnerable to denial-of-service (DoS)
Details
The API in Cybozu Office contains a denial-of-service (DoS) vulnerability.
Cybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN17535578/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4449 |
| Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000066.html",
"dc:date": "2017-04-11T16:05+09:00",
"dcterms:issued": "2017-04-11T16:05+09:00",
"dcterms:modified": "2017-04-11T16:05+09:00",
"description": "The API in Cybozu Office contains a denial-of-service (DoS) vulnerability.\r\n\r\nCybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000066.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"@version": "2.0"
},
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000066",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN17535578/index.html",
"@id": "JVN#17535578",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449",
"@id": "CVE-2016-4449",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4449",
"@id": "CVE-2016-4449",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "The API in Cybozu Office vulnerable to denial-of-service (DoS)"
}
jvndb-2006-000649
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Cybozu Office 6 information disclosure vulnerability
Details
A vulnerability exists in Cybozu Office 6 allowing the disclosure of registered users or groups information.
Cybozu Office 6 provides several login methods. One of the methods, meant to be used in the Internet, allows direct entry of a username. However, even when this method is used, information of registered users and groups could be obtained by an attacker.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000649.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "A vulnerability exists in Cybozu Office 6 allowing the disclosure of registered users or groups information.\r\n\r\nCybozu Office 6 provides several login methods. One of the methods, meant to be used in the Internet, allows direct entry of a username. However, even when this method is used, information of registered users and groups could be obtained by an attacker.",
"link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000649.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:ag_pocket",
"@product": "Cybozu AG Pocket",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:cybozu_ag",
"@product": "Cybozu AG",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:share360",
"@product": "Cybozu Share360",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2006-000649",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN31125599/index.html",
"@id": "JVN#31125599",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4492",
"@id": "CVE-2006-4492",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4492",
"@id": "CVE-2006-4492",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/21623",
"@id": "SA21623",
"@source": "SECUNIA"
},
{
"#text": "http://www.osvdb.org/28263",
"@id": "28263",
"@source": "OSVDB"
}
],
"title": "Cybozu Office 6 information disclosure vulnerability"
}
jvndb-2017-000064
Vulnerability from jvndb
Published
2017-04-11 16:05
Modified
2017-06-01 11:30
Severity
Summary
Cybozu Office fails to restrict access permission in the file export function in "customapp"
Details
Cybozu Office contains an access restriction flaw in the file export function in "customapp".
Cybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000064.html",
"dc:date": "2017-06-01T11:30+09:00",
"dcterms:issued": "2017-04-11T16:05+09:00",
"dcterms:modified": "2017-06-01T11:30+09:00",
"description": "Cybozu Office contains an access restriction flaw in the file export function in \"customapp\".\r\n\r\nCybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000064.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000064",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN17535578/index.html",
"@id": "JVN#17535578",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2115",
"@id": "CVE-2017-2115",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2115",
"@id": "CVE-2017-2115",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Office fails to restrict access permission in the file export function in \"customapp\""
}
jvndb-2013-000082
Vulnerability from jvndb
Published
2013-09-10 13:56
Modified
2013-09-11 13:34
Summary
Cybozu Office vulnerable to cross-site scripting
Details
Cybozu Office is a groupware. Cybozu Office contains a cross-site scripting vulnerability in the function to customize the top page.
Motoki Nishio of VALTES CO.,LTD. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000082.html",
"dc:date": "2013-09-11T13:34+09:00",
"dcterms:issued": "2013-09-10T13:56+09:00",
"dcterms:modified": "2013-09-11T13:34+09:00",
"description": "Cybozu Office is a groupware. Cybozu Office contains a cross-site scripting vulnerability in the function to customize the top page.\r\n\r\n\r\nMotoki Nishio of VALTES CO.,LTD. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000082.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000082",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN53014207/",
"@id": "JVN#53014207",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4703",
"@id": "CVE-2013-4703",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4703",
"@id": "CVE-2013-4703",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cybozu Office vulnerable to cross-site scripting"
}
jvndb-2016-000186
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:10
Severity
Summary
"Schedule" function in Cybozu Office vulnerable to cross-site scripting
Details
Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability.
Kusano Kazuhiko reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN06726266/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4870 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4870 |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000186.html",
"dc:date": "2017-04-24T15:10+09:00",
"dcterms:issued": "2016-10-03T15:43+09:00",
"dcterms:modified": "2017-04-24T15:10+09:00",
"description": "Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability.\r\n\r\nKusano Kazuhiko reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000186.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000186",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN06726266/index.html",
"@id": "JVN#06726266",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4870",
"@id": "CVE-2016-4870",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4870",
"@id": "CVE-2016-4870",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "\"Schedule\" function in Cybozu Office vulnerable to cross-site scripting"
}
jvndb-2016-000191
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:05
Severity
Summary
Cybozu Office vulnerable to information disclosure
Details
Cybozu Office contains an information disclosure vulnerability in the page where CGI environment variables are displayed.
Cookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained in the page where CGI environment variables are displayed. Therefore, session information may be disclosed if the contents of this page is read in some way.
Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN09736331/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4869 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4869 |
| Information Exposure(CWE-200) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000191.html",
"dc:date": "2017-04-24T15:05+09:00",
"dcterms:issued": "2016-10-03T15:43+09:00",
"dcterms:modified": "2017-04-24T15:05+09:00",
"description": "Cybozu Office contains an information disclosure vulnerability in the page where CGI environment variables are displayed.\r\n\r\nCookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained in the page where CGI environment variables are displayed. Therefore, session information may be disclosed if the contents of this page is read in some way.\r\n\r\nMasato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000191.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000191",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN09736331/index.html",
"@id": "JVN#09736331",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4869",
"@id": "CVE-2016-4869",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4869",
"@id": "CVE-2016-4869",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Cybozu Office vulnerable to information disclosure"
}
jvndb-2016-000020
Vulnerability from jvndb
Published
2016-02-15 15:43
Modified
2016-02-23 16:32
Severity
Summary
Cybozu Office vulnerable to denial-of-service (DoS)
Details
Cybozu Office contains a denial-of-service (DoS) vulnerability due to an issue in "customapp".
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000020.html",
"dc:date": "2016-02-23T16:32+09:00",
"dcterms:issued": "2016-02-15T15:43+09:00",
"dcterms:modified": "2016-02-23T16:32+09:00",
"description": "Cybozu Office contains a denial-of-service (DoS) vulnerability due to an issue in \"customapp\".",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000020.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"@version": "2.0"
},
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000020",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN20246313/index.html",
"@id": "JVN#20246313",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8489",
"@id": "CVE-2015-8489",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1153",
"@id": "CVE-2016-1153",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8489",
"@id": "CVE-2015-8489",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1153",
"@id": "CVE-2016-1153",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Cybozu Office vulnerable to denial-of-service (DoS)"
}
jvndb-2016-000185
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:05
Severity
Summary
"Project" function in Cybozu Office vulnerable to cross-site scripting
Details
Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability.
Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN06726266/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4866 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4866 |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000185.html",
"dc:date": "2017-04-24T15:05+09:00",
"dcterms:issued": "2016-10-03T15:43+09:00",
"dcterms:modified": "2017-04-24T15:05+09:00",
"description": "Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability.\r\n\r\nYuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000185.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000185",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN06726266/index.html",
"@id": "JVN#06726266",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4866",
"@id": "CVE-2016-4866",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4866",
"@id": "CVE-2016-4866",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "\"Project\" function in Cybozu Office vulnerable to cross-site scripting"
}
jvndb-2016-000025
Vulnerability from jvndb
Published
2016-02-15 16:20
Modified
2016-02-23 16:32
Severity
Summary
Cybozu Office vulnerable to open redirect
Details
Cybozu Office contains an open redirect vulnerability in network functions.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN71428831/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8483 |
| NVD | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8483 |
| Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000025.html",
"dc:date": "2016-02-23T16:32+09:00",
"dcterms:issued": "2016-02-15T16:20+09:00",
"dcterms:modified": "2016-02-23T16:32+09:00",
"description": "Cybozu Office contains an open redirect vulnerability in network functions.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000025.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000025",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN71428831/index.html",
"@id": "JVN#71428831",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8483",
"@id": "CVE-2015-8483",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8483",
"@id": "CVE-2015-8483",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Cybozu Office vulnerable to open redirect"
}
jvndb-2016-000023
Vulnerability from jvndb
Published
2016-02-15 15:45
Modified
2016-02-23 16:32
Severity
Summary
Cybozu Office access restriction bypass vulnerability
Details
Cybozu Office contains an access restriction bypass vulnerability in multiple functions.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000023.html",
"dc:date": "2016-02-23T16:32+09:00",
"dcterms:issued": "2016-02-15T15:45+09:00",
"dcterms:modified": "2016-02-23T16:32+09:00",
"description": "Cybozu Office contains an access restriction bypass vulnerability in multiple functions.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000023.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000023",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN48720230/index.html",
"@id": "JVN#48720230",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8484",
"@id": "CVE-2015-8484",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8485",
"@id": "CVE-2015-8485",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8486",
"@id": "CVE-2015-8486",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1152",
"@id": "CVE-2016-1152",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8484",
"@id": "CVE-2015-8484",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8485",
"@id": "CVE-2015-8485",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8486",
"@id": "CVE-2015-8486",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1152",
"@id": "CVE-2016-1152",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Office access restriction bypass vulnerability"
}
jvndb-2011-000047
Vulnerability from jvndb
Published
2011-06-24 19:23
Modified
2011-06-24 19:23
Summary
Cybozu Office vulnerable to cross-site scripting
Details
Cybozu Office contains a cross-site scripting vulnerability.
Cybozu Office is a groupware. Cybozu Office contains a cross-site scripting vulnerability due to issues contained in the address book and user list functions.
NetAgent Co.,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000047.html",
"dc:date": "2011-06-24T19:23+09:00",
"dcterms:issued": "2011-06-24T19:23+09:00",
"dcterms:modified": "2011-06-24T19:23+09:00",
"description": "Cybozu Office contains a cross-site scripting vulnerability.\r\n\r\nCybozu Office is a groupware. Cybozu Office contains a cross-site scripting vulnerability due to issues contained in the address book and user list functions.\r\n\r\nNetAgent Co.,Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000047.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000047",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN55508059",
"@id": "JVN#55508059",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1335",
"@id": "CVE-2011-1335",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1335",
"@id": "CVE-2011-1335",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/44992",
"@id": "SA44992 ",
"@source": "SECUNIA"
},
{
"#text": "http://secunia.com/advisories/45050",
"@id": "SA45050 ",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/48446",
"@id": "48446",
"@source": "BID"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cybozu Office vulnerable to cross-site scripting"
}
jvndb-2007-000815
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Multiple Cybozu products vulnerable to cross-site scripting
Details
Multiple Cybozu products are vulnerable to cross-site scripting.
Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN#50342989.
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000815.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Multiple Cybozu products are vulnerable to cross-site scripting.\r\n\r\nMultiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN#50342989.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000815.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:dotsales",
"@product": "Cybozu Dotsales",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000815",
"sec:references": {
"#text": "http://jvn.jp/en/jp/JVN90712589/index.html",
"@id": "JVN#90712589",
"@source": "JVN"
},
"title": "Multiple Cybozu products vulnerable to cross-site scripting"
}
jvndb-2016-000190
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:05
Severity
Summary
Cybozu Office vulnerable to mail header injection
Details
Cybozu Office contains a mail header injection vulnerability in the process of sending emails.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN08736331/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4868 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4868 |
| Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html",
"dc:date": "2017-04-24T15:05+09:00",
"dcterms:issued": "2016-10-03T15:43+09:00",
"dcterms:modified": "2017-04-24T15:05+09:00",
"description": "Cybozu Office contains a mail header injection vulnerability in the process of sending emails.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000190",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN08736331/index.html",
"@id": "JVN#08736331",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4868",
"@id": "CVE-2016-4868",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4868",
"@id": "CVE-2016-4868",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Cybozu Office vulnerable to mail header injection"
}
jvndb-2007-000812
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Cybozu Office denial of service (DoS) vulnerability
Details
Cybozu Office contains a denial of service (DoS) vulnerability.
Cybozu Office, web-based groupware, is vulnerable to a denial of service (DoS) attack because it fails to properly handle specially crafted HTTP requests.
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000812.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Cybozu Office contains a denial of service (DoS) vulnerability.\r\n\r\nCybozu Office, web-based groupware, is vulnerable to a denial of service (DoS) attack because it fails to properly handle specially crafted HTTP requests.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000812.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000812",
"sec:references": {
"#text": "http://jvn.jp/en/jp/JVN77414947/index.html",
"@id": "JVN#77414947",
"@source": "JVN"
},
"title": "Cybozu Office denial of service (DoS) vulnerability"
}
jvndb-2007-000814
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Multiple Cybozu products vulnerable to HTTP header injection
Details
Multiple Cybozu products are vulnerable to HTTP header injection.
Multiple Cybozu products are vulnerable to HTTP header injection because they do not properly process HTTP headers.
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000814.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Multiple Cybozu products are vulnerable to HTTP header injection.\r\n\r\nMultiple Cybozu products are vulnerable to HTTP header injection because they do not properly process HTTP headers.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000814.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000814",
"sec:references": {
"#text": "http://jvn.jp/en/jp/JVN77730435/index.html",
"@id": "JVN#77730435",
"@source": "JVN"
},
"title": "Multiple Cybozu products vulnerable to HTTP header injection"
}
jvndb-2016-000193
Vulnerability from jvndb
Published
2016-10-03 15:47
Modified
2017-04-24 15:10
Severity
Summary
Cybozu Office vulnerable to Reflected File Download (RFD)
Details
Cybozu Office contains a Reflected File Download (RFD) vulnerability.
Jun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000193.html",
"dc:date": "2017-04-24T15:10+09:00",
"dcterms:issued": "2016-10-03T15:47+09:00",
"dcterms:modified": "2017-04-24T15:10+09:00",
"description": "Cybozu Office contains a Reflected File Download (RFD) vulnerability.\r\n\r\nJun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000193.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000193",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN11288252/index.html",
"@id": "JVN#11288252",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4874",
"@id": "CVE-2016-4874",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4874",
"@id": "CVE-2016-4874",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Cybozu Office vulnerable to Reflected File Download (RFD)"
}
jvndb-2024-000079
Vulnerability from jvndb
Published
2024-08-06 14:59
Modified
2024-08-06 14:59
Severity
Summary
Cybozu Office vulnerable to bypass browsing restrictions in Custom App
Details
Cybozu Office provided by Cybozu, Inc. contains a vulnerability which allows to bypass browsing restrictions in Custom App (CWE-201).
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN29845579/index.html |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-39817 |
| Information Exposure(CWE-200) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000079.html",
"dc:date": "2024-08-06T14:59+09:00",
"dcterms:issued": "2024-08-06T14:59+09:00",
"dcterms:modified": "2024-08-06T14:59+09:00",
"description": "Cybozu Office provided by Cybozu, Inc. contains a vulnerability which allows to bypass browsing restrictions in Custom App (CWE-201).\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000079.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000079",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN29845579/index.html",
"@id": "JVN#29845579",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-39817",
"@id": "CVE-2024-39817",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Cybozu Office vulnerable to bypass browsing restrictions in Custom App"
}
jvndb-2016-000188
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:10
Severity
Summary
Breadcrumb trail in Cybozu Office vulnerable vulnerable to browse restriction bypass
Details
Cybozu Office provided by Cybozu,Inc. contains a browse restriction bypass vulnerability in the breadcrumb trail.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000188.html",
"dc:date": "2017-04-24T15:10+09:00",
"dcterms:issued": "2016-10-03T15:43+09:00",
"dcterms:modified": "2017-04-24T15:10+09:00",
"description": "Cybozu Office provided by Cybozu,Inc. contains a browse restriction bypass vulnerability in the breadcrumb trail.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000188.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000188",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN07148816/index.html",
"@id": "JVN#07148816",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4872",
"@id": "CVE-2016-4872",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4872",
"@id": "CVE-2016-4872",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Breadcrumb trail in Cybozu Office vulnerable vulnerable to browse restriction bypass"
}
jvndb-2018-000120
Vulnerability from jvndb
Published
2018-11-14 15:38
Modified
2019-08-27 12:28
Severity
Summary
Multiple directory traversal vulnerabilities in Cybozu Office
Details
Cybozu Office provided by Cybozu, Inc. contains multiple directory traversal vulnerabilities below.
* Directory traversal vulnerability due to a flaw in processing parameter of the HTTP request (CWE-22) - CVE-2018-0703
* Directory traversal vulnerability due to a flaw in processing parameter when logging out Keitai Screen (CWE-22) - CVE-2018-0704
Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000120.html",
"dc:date": "2019-08-27T12:28+09:00",
"dcterms:issued": "2018-11-14T15:38+09:00",
"dcterms:modified": "2019-08-27T12:28+09:00",
"description": "Cybozu Office provided by Cybozu, Inc. contains multiple directory traversal vulnerabilities below.\r\n* Directory traversal vulnerability due to a flaw in processing parameter of the HTTP request (CWE-22) - CVE-2018-0703\r\n* Directory traversal vulnerability due to a flaw in processing parameter when logging out Keitai Screen (CWE-22) - CVE-2018-0704\r\n\r\nYuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000120.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"@version": "2.0"
},
{
"@score": "8.6",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000120",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN15232217/index.html",
"@id": "JVN#15232217",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0703",
"@id": "CVE-2018-0703",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0704",
"@id": "CVE-2018-0704",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0703",
"@id": "CVE-2018-0703",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0704",
"@id": "CVE-2018-0704",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "Multiple directory traversal vulnerabilities in Cybozu Office"
}
jvndb-2007-000813
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Multiple Cybozu products vulnerable to cross-site scripting
Details
Multiple Cybozu products are vulnerable to cross-site scripting.
Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN#90712589.
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000813.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Multiple Cybozu products are vulnerable to cross-site scripting.\r\n\r\nMultiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN#90712589.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000813.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:dotsales",
"@product": "Cybozu Dotsales",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000813",
"sec:references": {
"#text": "http://jvn.jp/en/jp/JVN50342989/index.html",
"@id": "JVN#50342989",
"@source": "JVN"
},
"title": "Multiple Cybozu products vulnerable to cross-site scripting"
}
jvndb-2016-000187
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:05
Severity
Summary
"Project" function in Cybozu Office vulnerable vulnerable to access restriction bypass
Details
Cybozu Office provided by Cybozu,Inc. contains an access restriction bypass vulnerability in the "Project" function.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000187.html",
"dc:date": "2017-04-24T15:05+09:00",
"dcterms:issued": "2016-10-03T15:43+09:00",
"dcterms:modified": "2017-04-24T15:05+09:00",
"description": "Cybozu Office provided by Cybozu,Inc. contains an access restriction bypass vulnerability in the \"Project\" function.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000187.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000187",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN07148816/index.html",
"@id": "JVN#07148816",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4867",
"@id": "CVE-2016-4867",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4867",
"@id": "CVE-2016-4867",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "\"Project\" function in Cybozu Office vulnerable vulnerable to access restriction bypass"
}
jvndb-2013-000118
Vulnerability from jvndb
Published
2013-12-10 14:13
Modified
2013-12-18 14:51
Summary
Cybozu Dezie vulnerable to cross-site scripting
Details
Cybozu Dezie provided by Cybozu, Inc. contains a cross-site scripting vulnerability.
Ken Asai reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Dezie |
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000118.html",
"dc:date": "2013-12-18T14:51+09:00",
"dcterms:issued": "2013-12-10T14:13+09:00",
"dcterms:modified": "2013-12-18T14:51+09:00",
"description": "Cybozu Dezie provided by Cybozu, Inc. contains a cross-site scripting vulnerability.\r\n\r\nKen Asai reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000118.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:dezie",
"@product": "Cybozu Dezie",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000118",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN21336955/index.html",
"@id": "JVN#21336955",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6005",
"@id": "CVE-2013-6005",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6005",
"@id": "CVE-2013-6005",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cybozu Dezie vulnerable to cross-site scripting"
}
jvndb-2010-000016
Vulnerability from jvndb
Published
2010-04-21 17:27
Modified
2010-04-21 17:27
Summary
Multiple Cybozu products vulnerable to authentication bypass
Details
Multiple Cybozu products contain an authentication bypass vulnerability.
Multiple Cybozu products contain an issue in which the login page for mobile devices is not properly restrcited, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of a Cybozu product.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Dotsales |
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000016.html",
"dc:date": "2010-04-21T17:27+09:00",
"dcterms:issued": "2010-04-21T17:27+09:00",
"dcterms:modified": "2010-04-21T17:27+09:00",
"description": "Multiple Cybozu products contain an authentication bypass vulnerability.\r\n\r\nMultiple Cybozu products contain an issue in which the login page for mobile devices is not properly restrcited, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of a Cybozu product.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000016.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:dotsales",
"@product": "Cybozu Dotsales",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000016",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN87730223/index.html",
"@id": "JVN#87730223",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2029",
"@id": "CVE-2010-2029",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2029",
"@id": "CVE-2010-2029",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html",
"@id": "Security Alert for Vulnerability in Multiple Cybozu Products",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://secunia.com/advisories/39508",
"@id": "SA39508",
"@source": "SECUNIA"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/57976",
"@id": "57976",
"@source": "XF"
},
{
"#text": "http://www.osvdb.org/63933",
"@id": "63933",
"@source": "OSVDB"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Multiple Cybozu products vulnerable to authentication bypass"
}
jvndb-2016-000022
Vulnerability from jvndb
Published
2016-02-15 15:44
Modified
2016-02-23 16:32
Severity
Summary
Cybozu Office vulnerable to information disclosure
Details
Cybozu Office contains an information disclosure vulnerability.
Note that this vulnerability is different from JVN#28042424.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000022.html",
"dc:date": "2016-02-23T16:32+09:00",
"dcterms:issued": "2016-02-15T15:44+09:00",
"dcterms:modified": "2016-02-23T16:32+09:00",
"description": "Cybozu Office contains an information disclosure vulnerability.\r\n\r\nNote that this vulnerability is different from JVN#28042424.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000022.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000022",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN47296923/index.html",
"@id": "JVN#47296923",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8487",
"@id": "CVE-2015-8487",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8487",
"@id": "CVE-2015-8487",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Cybozu Office vulnerable to information disclosure"
}
jvndb-2014-000130
Vulnerability from jvndb
Published
2014-11-11 13:36
Modified
2014-11-25 17:52
Summary
Multiple Cybozu products vulnerable to buffer overflow
Details
Multiple products provided by Cybozu, Inc. contain a buffer overflow vulnerability (CWE-119).
Masaaki Chida of GREE, Inc. reported this vulnerability to the developer.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000130.html",
"dc:date": "2014-11-25T17:52+09:00",
"dcterms:issued": "2014-11-11T13:36+09:00",
"dcterms:modified": "2014-11-25T17:52+09:00",
"description": "Multiple products provided by Cybozu, Inc. contain a buffer overflow vulnerability (CWE-119).\r\n\r\nMasaaki Chida of GREE, Inc. reported this vulnerability to the developer.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000130.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:dezie",
"@product": "Cybozu Dezie",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:mailwise",
"@product": "Cybozu Mailwise",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.0",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000130",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN14691234/index.html",
"@id": "JVN#14691234",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5314",
"@id": "CVE-2014-5314",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5314",
"@id": "CVE-2014-5314",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/ciadr/vul/20141111-jvn.html",
"@id": "Security Alert for Multiple Cybozu products vulnerable to buffer overflow (JVN#14691234)",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Multiple Cybozu products vulnerable to buffer overflow"
}
jvndb-2016-000024
Vulnerability from jvndb
Published
2016-02-15 16:20
Modified
2016-02-23 16:32
Severity
Summary
Cybozu Office vulnerable to cross-site request forgery
Details
Cybozu Office contains a cross-site request forgery vulnerability (CWE-352) in multiple functions.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN64209269/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1151 |
| NVD | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1151 |
| Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000024.html",
"dc:date": "2016-02-23T16:32+09:00",
"dcterms:issued": "2016-02-15T16:20+09:00",
"dcterms:modified": "2016-02-23T16:32+09:00",
"description": "Cybozu Office contains a cross-site request forgery vulnerability (CWE-352) in multiple functions.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000024.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000024",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN64209269/index.html",
"@id": "JVN#64209269",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1151",
"@id": "CVE-2016-1151",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1151",
"@id": "CVE-2016-1151",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Cybozu Office vulnerable to cross-site request forgery"
}
jvndb-2005-000757
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Cybozu Office browser script execution vulnerability
Details
The HTML-mail compliant web mail function of Cybozu Office contains a vulnerability that may allow an attacker to execute browser script.
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000757.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "The HTML-mail compliant web mail function of Cybozu Office contains a vulnerability that may allow an attacker to execute browser script.",
"link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000757.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2005-000757",
"sec:references": {
"#text": "http://jvn.jp/en/jp/JVN8F8B1C85/index.html",
"@id": "JVN#8F8B1C85",
"@source": "JVN"
},
"title": "Cybozu Office browser script execution vulnerability"
}
jvndb-2011-000079
Vulnerability from jvndb
Published
2011-10-11 09:11
Modified
2011-11-28 16:48
Summary
Cybozu Office vulnerable in restricting access
Details
Cybozu Office contains a vulnerability in restricting access permissions.
Cybozu Office is a groupware.Cybozu Office contains a vulnerability in restricting access permissions.
Masako Ohno reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000079.html",
"dc:date": "2011-11-28T16:48+09:00",
"dcterms:issued": "2011-10-11T09:11+09:00",
"dcterms:modified": "2011-11-28T16:48+09:00",
"description": "Cybozu Office contains a vulnerability in restricting access permissions.\r\n\r\nCybozu Office is a groupware.Cybozu Office contains a vulnerability in restricting access permissions.\r\n\r\nMasako Ohno reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000079.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000079",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN84838479/index.html",
"@id": "JVN#84838479",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2677",
"@id": "CVE-2011-2677",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2677",
"@id": "CVE-2011-2677",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Office vulnerable in restricting access"
}
jvndb-2011-000045
Vulnerability from jvndb
Published
2011-06-24 19:18
Modified
2011-06-24 19:18
Summary
Multiple Cybozu products vulnerable to cross-site scripting
Details
Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability.
Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the bulletin board system.
Sen UENO of Tricorder Co. Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000045.html",
"dc:date": "2011-06-24T19:18+09:00",
"dcterms:issued": "2011-06-24T19:18+09:00",
"dcterms:modified": "2011-06-24T19:18+09:00",
"description": "Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability.\r\n\r\nMultiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the bulletin board system.\r\n\r\nSen UENO of Tricorder Co. Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000045.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000045",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN80877328/index.html",
"@id": "JVN#80877328",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1333",
"@id": "CVE-2011-1333",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1333",
"@id": "CVE-2011-1333",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple Cybozu products vulnerable to cross-site scripting"
}
jvndb-2016-000021
Vulnerability from jvndb
Published
2016-02-15 15:44
Modified
2016-02-23 16:32
Severity
Summary
Cybozu Office vulnerable to information disclosure
Details
Cybozu Office contains an information disclosure vulnerability in the mail function.
Note that this vulnerability is different from JVN#47296923.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000021.html",
"dc:date": "2016-02-23T16:32+09:00",
"dcterms:issued": "2016-02-15T15:44+09:00",
"dcterms:modified": "2016-02-23T16:32+09:00",
"description": "Cybozu Office contains an information disclosure vulnerability in the mail function.\r\n\r\nNote that this vulnerability is different from JVN#47296923.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000021.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000021",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN28042424/index.html",
"@id": "JVN#28042424",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8488",
"@id": "CVE-2015-8488",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8488",
"@id": "CVE-2015-8488",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Office vulnerable to information disclosure"
}
jvndb-2021-000022
Vulnerability from jvndb
Published
2021-03-15 15:56
Modified
2021-12-17 17:51
Severity
Summary
Multiple vulnerabilities in Cybozu Office
Details
Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
*[CyVDB-1657] Operational restrictions bypass vulnerability in Scheduler (CWE-264) - CVE-2021-20624
*[CyVDB-1727] Operational restrictions bypass vulnerability in Bulletin Board (CWE-264) - CVE-2021-20625
*[CyVDB-1895][CyVDB-2658] Operational restrictions bypass vulnerability in Workflow (CWE-264) - CVE-2021-20626
*[CyVDB-1899] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20627
*[CyVDB-1924] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20628
*[CyVDB-2014] Cross-site scripting vulnerability in E-mail (CWE-79) - CVE-2021-20629
*[CyVDB-2018] Viewing restrictions bypass vulnerability in Phone Messages (CWE-264) - CVE-2021-20630
*[CyVDB-2063] Improper input validation vulnerability in Custom App (CWE-20) - CVE-2021-20631
*[CyVDB-2263] Viewing restrictions bypass vulnerability in Bulletin Board (CWE-264) - CVE-2021-20632
*[CyVDB-2310] Viewing restrictions bypass vulnerability in Cabinet (CWE-264) - CVE-2021-20633
*[CyVDB-2764] Viewing restrictions bypass vulnerability in Custom App (CWE-264) - CVE-2021-20634
*[CyVDB-1900] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20849
CVE-2021-20624, CVE-2021-20625 and CVE-2021-20629
Yuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.
CVE-2021-20627, CVE-2021-20628 and CVE-2021-20849
Kanta Nishitani of Ierae Security Inc. reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.
CVE-2021-20630 and CVE-2021-20631
Shuichi Uruma reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.
CVE-2021-20626, CVE-2021-20632, CVE-2021-20633 and CVE-2021-20634
Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000022.html",
"dc:date": "2021-12-17T17:51+09:00",
"dcterms:issued": "2021-03-15T15:56+09:00",
"dcterms:modified": "2021-12-17T17:51+09:00",
"description": "Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n\r\n*[CyVDB-1657] Operational restrictions bypass vulnerability in Scheduler (CWE-264) - CVE-2021-20624\r\n*[CyVDB-1727] Operational restrictions bypass vulnerability in Bulletin Board (CWE-264) - CVE-2021-20625\r\n*[CyVDB-1895][CyVDB-2658] Operational restrictions bypass vulnerability in Workflow (CWE-264) - CVE-2021-20626\r\n*[CyVDB-1899] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20627\r\n*[CyVDB-1924] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20628\r\n*[CyVDB-2014] Cross-site scripting vulnerability in E-mail (CWE-79) - CVE-2021-20629\r\n*[CyVDB-2018] Viewing restrictions bypass vulnerability in Phone Messages (CWE-264) - CVE-2021-20630\r\n*[CyVDB-2063] Improper input validation vulnerability in Custom App (CWE-20) - CVE-2021-20631\r\n*[CyVDB-2263] Viewing restrictions bypass vulnerability in Bulletin Board (CWE-264) - CVE-2021-20632\r\n*[CyVDB-2310] Viewing restrictions bypass vulnerability in Cabinet (CWE-264) - CVE-2021-20633\r\n*[CyVDB-2764] Viewing restrictions bypass vulnerability in Custom App (CWE-264) - CVE-2021-20634\r\n*[CyVDB-1900] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20849\r\n\r\nCVE-2021-20624, CVE-2021-20625 and CVE-2021-20629\r\nYuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20627, CVE-2021-20628 and CVE-2021-20849\r\nKanta Nishitani of Ierae Security Inc. reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20630 and CVE-2021-20631\r\nShuichi Uruma reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20626, CVE-2021-20632, CVE-2021-20633 and CVE-2021-20634\r\nCybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000022.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000022",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN45797538/index.html",
"@id": "JVN#45797538",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20624",
"@id": "CVE-2021-20624",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20625",
"@id": "CVE-2021-20625",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20626",
"@id": "CVE-2021-20626",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20627",
"@id": "CVE-2021-20627",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20628",
"@id": "CVE-2021-20628",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20629",
"@id": "CVE-2021-20629",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20630",
"@id": "CVE-2021-20630",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20631",
"@id": "CVE-2021-20631",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20632",
"@id": "CVE-2021-20632",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20633",
"@id": "CVE-2021-20633",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20634",
"@id": "CVE-2021-20634",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20849",
"@id": "CVE-2021-20849",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20624",
"@id": "CVE-2021-20624",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20625",
"@id": "CVE-2021-20625",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20626",
"@id": "CVE-2021-20626",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20627",
"@id": "CVE-2021-20627",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20628",
"@id": "CVE-2021-20628",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20629",
"@id": "CVE-2021-20629",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20630",
"@id": "CVE-2021-20630",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20631",
"@id": "CVE-2021-20631",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20632",
"@id": "CVE-2021-20632",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20633",
"@id": "CVE-2021-20633",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20634",
"@id": "CVE-2021-20634",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20849",
"@id": "CVE-2021-20849",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in Cybozu Office"
}