All the vulnerabilites related to Cybozu, Inc. - Cybozu Office
jvndb-2013-000118
Vulnerability from jvndb
Published
2013-12-10 14:13
Modified
2013-12-18 14:51
Severity ?
() - -
Summary
Cybozu Dezie vulnerable to cross-site scripting
Details
Cybozu Dezie provided by Cybozu, Inc. contains a cross-site scripting vulnerability. Ken Asai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000118.html",
  "dc:date": "2013-12-18T14:51+09:00",
  "dcterms:issued": "2013-12-10T14:13+09:00",
  "dcterms:modified": "2013-12-18T14:51+09:00",
  "description": "Cybozu Dezie provided by Cybozu, Inc. contains a cross-site scripting vulnerability.\r\n\r\nKen Asai reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000118.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:dezie",
      "@product": "Cybozu Dezie",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:office",
      "@product": "Cybozu Office",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2013-000118",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN21336955/index.html",
      "@id": "JVN#21336955",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6005",
      "@id": "CVE-2013-6005",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6005",
      "@id": "CVE-2013-6005",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Cybozu Dezie vulnerable to cross-site scripting"
}

jvndb-2016-000022
Vulnerability from jvndb
Published
2016-02-15 15:44
Modified
2016-02-23 16:32
Severity ?
Summary
Cybozu Office vulnerable to information disclosure
Details
Cybozu Office contains an information disclosure vulnerability. Note that this vulnerability is different from JVN#28042424.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000022.html",
  "dc:date": "2016-02-23T16:32+09:00",
  "dcterms:issued": "2016-02-15T15:44+09:00",
  "dcterms:modified": "2016-02-23T16:32+09:00",
  "description": "Cybozu Office contains an information disclosure vulnerability.\r\n\r\nNote that this vulnerability is different from JVN#28042424.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000022.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "2.6",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000022",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN47296923/index.html",
      "@id": "JVN#47296923",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8487",
      "@id": "CVE-2015-8487",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8487",
      "@id": "CVE-2015-8487",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    }
  ],
  "title": "Cybozu Office vulnerable to information disclosure"
}

jvndb-2007-000814
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
Multiple Cybozu products vulnerable to HTTP header injection
Details
Multiple Cybozu products are vulnerable to HTTP header injection. Multiple Cybozu products are vulnerable to HTTP header injection because they do not properly process HTTP headers.
References
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000814.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Multiple Cybozu products are vulnerable to HTTP header injection.\r\n\r\nMultiple Cybozu products are vulnerable to HTTP header injection because they do not properly process HTTP headers.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000814.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:office",
      "@product": "Cybozu Office",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000814",
  "sec:references": {
    "#text": "http://jvn.jp/en/jp/JVN77730435/index.html",
    "@id": "JVN#77730435",
    "@source": "JVN"
  },
  "title": "Multiple Cybozu products vulnerable to HTTP header injection"
}

jvndb-2017-000225
Vulnerability from jvndb
Published
2017-10-11 14:28
Modified
2018-03-07 12:21
Severity ?
Summary
Cybozu Office fails to restrict access permissions
Details
Cybozu Office fails to restrict access permissions. Cybozu Office provided by Cybozu, Inc. fails to restrict access permissions (CWE-284) due to an issue in "Cabinet" function. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000225.html",
  "dc:date": "2018-03-07T12:21+09:00",
  "dcterms:issued": "2017-10-11T14:28+09:00",
  "dcterms:modified": "2018-03-07T12:21+09:00",
  "description": "Cybozu Office fails to restrict access permissions.\r\n\r\nCybozu Office provided by Cybozu, Inc. fails to restrict access permissions (CWE-284) due to an issue in \"Cabinet\" function.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000225.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000225",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN14658424/index.html",
      "@id": "JVN#14658424",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10857",
      "@id": "CVE-2017-10857",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10857",
      "@id": "CVE-2017-10857",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Cybozu Office fails to restrict access permissions"
}

jvndb-2007-000812
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
Cybozu Office denial of service (DoS) vulnerability
Details
Cybozu Office contains a denial of service (DoS) vulnerability. Cybozu Office, web-based groupware, is vulnerable to a denial of service (DoS) attack because it fails to properly handle specially crafted HTTP requests.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000812.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Cybozu Office contains a denial of service (DoS) vulnerability.\r\n\r\nCybozu Office, web-based groupware, is vulnerable to a denial of service (DoS) attack because it fails to properly handle specially crafted HTTP requests.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000812.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000812",
  "sec:references": {
    "#text": "http://jvn.jp/en/jp/JVN77414947/index.html",
    "@id": "JVN#77414947",
    "@source": "JVN"
  },
  "title": "Cybozu Office denial of service (DoS) vulnerability"
}

jvndb-2007-000815
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
Multiple Cybozu products vulnerable to cross-site scripting
Details
Multiple Cybozu products are vulnerable to cross-site scripting. Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN#50342989.
References
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000815.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Multiple Cybozu products are vulnerable to cross-site scripting.\r\n\r\nMultiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN#50342989.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000815.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:dotsales",
      "@product": "Cybozu Dotsales",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:office",
      "@product": "Cybozu Office",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000815",
  "sec:references": {
    "#text": "http://jvn.jp/en/jp/JVN90712589/index.html",
    "@id": "JVN#90712589",
    "@source": "JVN"
  },
  "title": "Multiple Cybozu products vulnerable to cross-site scripting"
}

jvndb-2008-000033
Vulnerability from jvndb
Published
2008-07-08 12:14
Modified
2008-07-08 12:14
Severity ?
() - -
Summary
Multiple Cybozu products vulnerable to cross-site request forgery
Details
Multiple Cybozu products contain a cross-site request forgery vulnerability. Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000033.html",
  "dc:date": "2008-07-08T12:14+09:00",
  "dcterms:issued": "2008-07-08T12:14+09:00",
  "dcterms:modified": "2008-07-08T12:14+09:00",
  "description": "Multiple Cybozu products contain a cross-site request forgery vulnerability.\r\n\r\nDaiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000033.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:dezie",
      "@product": "Cybozu Dezie",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:office",
      "@product": "Cybozu Office",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2008-000033",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN18405927/index.html",
      "@id": "JVN#18405927",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6744",
      "@id": "CVE-2008-6744",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6744",
      "@id": "CVE-2008-6744",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/30882",
      "@id": "SA30882",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://osvdb.org/46575",
      "@id": "46575",
      "@source": "OSVDB"
    },
    {
      "#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000033.html",
      "@id": "JVNDB-2008-000033",
      "@source": "JVNDB_Ja"
    }
  ],
  "title": "Multiple Cybozu products vulnerable to cross-site request forgery"
}

jvndb-2018-000053
Vulnerability from jvndb
Published
2018-05-22 14:30
Modified
2018-08-30 16:03
Severity ?
Summary
Multiple vulnerabilities in Cybozu Office
Details
Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. *Information disclosure in the application "Message" when viewing an external image (CWE-200) - CVE-2018-0526 *Stored cross-site scripting in "E-mail Details Screen" of the application "E-mail" (CWE-79) - CVE-2018-0527 *Browse restriction bypass in the application "Scheduler" (CWE-264) - CVE-2018-0528 *Denial-of-service (DoS) in the application "Message" due to a flaw in processing of an attached file (CWE-20) - CVE-2018-0529 *Reflected cross-site scripting in the application "MultiReport" (CWE-79) - CVE-2018-0565 *Browse restriction bypass in the application "Scheduler" (CWE-264) - CVE-2018-0566 *Operation restriction bypass in the application "Bulletin" (CWE-264) - CVE-2018-0567 Jun Kokatsu reported CVE-2018-0526 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. Masato Kinugawa reported CVE-2018-0527 and CVE-2018-0565 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. Cybozu, Inc. reported CVE-2018-0528, CVE-2018-0529 and CVE-2018-0566 vulnerabilities to JPCERT/CC to notify users of respective solutions through JVN. Yuji Tounai reported CVE-2018-0567 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000053.html",
  "dc:date": "2018-08-30T16:03+09:00",
  "dcterms:issued": "2018-05-22T14:30+09:00",
  "dcterms:modified": "2018-08-30T16:03+09:00",
  "description": "Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. \r\n\r\n*Information disclosure in the application \"Message\" when viewing an external image (CWE-200) - CVE-2018-0526\r\n*Stored cross-site scripting in \"E-mail Details Screen\" of the application \"E-mail\" (CWE-79) - CVE-2018-0527\r\n*Browse restriction bypass in the application \"Scheduler\" (CWE-264) - CVE-2018-0528\r\n*Denial-of-service (DoS) in the application \"Message\" due to a flaw in processing of an attached file  (CWE-20) - CVE-2018-0529\r\n*Reflected cross-site scripting in the application \"MultiReport\" (CWE-79) - CVE-2018-0565\r\n*Browse restriction bypass in the application \"Scheduler\" (CWE-264) - CVE-2018-0566\t\r\n*Operation restriction bypass in the application \"Bulletin\" (CWE-264) - CVE-2018-0567\r\n\r\nJun Kokatsu reported CVE-2018-0526 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nMasato Kinugawa reported CVE-2018-0527 and CVE-2018-0565 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nCybozu, Inc. reported CVE-2018-0528, CVE-2018-0529 and CVE-2018-0566 vulnerabilities to JPCERT/CC to notify users of respective solutions through JVN.\r\n\r\nYuji Tounai reported CVE-2018-0567 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000053.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000053",
  "sec:references": [
    {
      "#text": "https://jvn.jp/jp/JVN51737843/index.html",
      "@id": "JVN#51737843",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0526",
      "@id": "CVE-2018-0526",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0527",
      "@id": "CVE-2018-0527",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0528",
      "@id": "CVE-2018-0528",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0529",
      "@id": "CVE-2018-0529",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0565",
      "@id": "CVE-2018-0565",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0566",
      "@id": "CVE-2018-0566",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0567",
      "@id": "CVE-2018-0567",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0565",
      "@id": "CVE-2018-0565",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0566",
      "@id": "CVE-2018-0566",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0567",
      "@id": "CVE-2018-0567",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0526",
      "@id": "CVE-2018-0526",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0527",
      "@id": "CVE-2018-0527",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0528",
      "@id": "CVE-2018-0528",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0529",
      "@id": "CVE-2018-0529",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple vulnerabilities in Cybozu Office"
}

jvndb-2016-000190
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:05
Severity ?
Summary
Cybozu Office vulnerable to mail header injection
Details
Cybozu Office contains a mail header injection vulnerability in the process of sending emails. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html",
  "dc:date": "2017-04-24T15:05+09:00",
  "dcterms:issued": "2016-10-03T15:43+09:00",
  "dcterms:modified": "2017-04-24T15:05+09:00",
  "description": "Cybozu Office contains a mail header injection vulnerability in the process of sending emails.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "2.6",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000190",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN08736331/index.html",
      "@id": "JVN#08736331",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4868",
      "@id": "CVE-2016-4868",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4868",
      "@id": "CVE-2016-4868",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    }
  ],
  "title": "Cybozu Office vulnerable to mail header injection"
}

jvndb-2007-000813
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
Multiple Cybozu products vulnerable to cross-site scripting
Details
Multiple Cybozu products are vulnerable to cross-site scripting. Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN#90712589.
References
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000813.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Multiple Cybozu products are vulnerable to cross-site scripting.\r\n\r\nMultiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN#90712589.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000813.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:dotsales",
      "@product": "Cybozu Dotsales",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:office",
      "@product": "Cybozu Office",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000813",
  "sec:references": {
    "#text": "http://jvn.jp/en/jp/JVN50342989/index.html",
    "@id": "JVN#50342989",
    "@source": "JVN"
  },
  "title": "Multiple Cybozu products vulnerable to cross-site scripting"
}

jvndb-2017-000066
Vulnerability from jvndb
Published
2017-04-11 16:05
Modified
2017-04-11 16:05
Severity ?
Summary
The API in Cybozu Office vulnerable to denial-of-service (DoS)
Details
The API in Cybozu Office contains a denial-of-service (DoS) vulnerability. Cybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000066.html",
  "dc:date": "2017-04-11T16:05+09:00",
  "dcterms:issued": "2017-04-11T16:05+09:00",
  "dcterms:modified": "2017-04-11T16:05+09:00",
  "description": "The API in Cybozu Office contains a denial-of-service (DoS) vulnerability.\r\n\r\nCybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000066.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
      "@version": "2.0"
    },
    {
      "@score": "7.5",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000066",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN17535578/index.html",
      "@id": "JVN#17535578",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449",
      "@id": "CVE-2016-4449",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4449",
      "@id": "CVE-2016-4449",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    }
  ],
  "title": "The API in Cybozu Office vulnerable to denial-of-service (DoS)"
}

jvndb-2017-000063
Vulnerability from jvndb
Published
2017-04-11 16:05
Modified
2017-06-01 11:30
Severity ?
Summary
The design setting screen in Cybozu Office vulnerable to cross-site scripting
Details
The design setting screen in Cybozu Office contains a cross-site scripting vulnerability. Kazuto Sagamihara reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000063.html",
  "dc:date": "2017-06-01T11:30+09:00",
  "dcterms:issued": "2017-04-11T16:05+09:00",
  "dcterms:modified": "2017-06-01T11:30+09:00",
  "description": "The design setting screen in Cybozu Office contains a cross-site scripting vulnerability.\r\n\r\nKazuto Sagamihara reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000063.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "5.4",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000063",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN17535578/index.html",
      "@id": "JVN#17535578",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2114",
      "@id": "CVE-2017-2114",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2114",
      "@id": "CVE-2017-2114",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "The design setting screen in Cybozu Office vulnerable to cross-site scripting"
}

jvndb-2016-000192
Vulnerability from jvndb
Published
2016-10-03 15:46
Modified
2017-04-24 15:10
Severity ?
Summary
Cybozu Office vulnerable to denial-of-service (DoS)
Details
Cybozu Office contains a denial-of-service (DoS) vulnerability. Shuichi Uruma reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000192.html",
  "dc:date": "2017-04-24T15:10+09:00",
  "dcterms:issued": "2016-10-03T15:46+09:00",
  "dcterms:modified": "2017-04-24T15:10+09:00",
  "description": "Cybozu Office contains a denial-of-service (DoS) vulnerability.\r\n\r\nShuichi Uruma reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000192.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
      "@version": "2.0"
    },
    {
      "@score": "6.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000192",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN10092452/index.html",
      "@id": "JVN#10092452",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4871",
      "@id": "CVE-2016-4871",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4871",
      "@id": "CVE-2016-4871",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    }
  ],
  "title": "Cybozu Office vulnerable to denial-of-service (DoS)"
}

jvndb-2010-000016
Vulnerability from jvndb
Published
2010-04-21 17:27
Modified
2010-04-21 17:27
Severity ?
() - -
Summary
Multiple Cybozu products vulnerable to authentication bypass
Details
Multiple Cybozu products contain an authentication bypass vulnerability. Multiple Cybozu products contain an issue in which the login page for mobile devices is not properly restrcited, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of a Cybozu product.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000016.html",
  "dc:date": "2010-04-21T17:27+09:00",
  "dcterms:issued": "2010-04-21T17:27+09:00",
  "dcterms:modified": "2010-04-21T17:27+09:00",
  "description": "Multiple Cybozu products contain an authentication bypass vulnerability.\r\n\r\nMultiple Cybozu products contain an issue in which the login page for mobile devices is not properly restrcited, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of a Cybozu product.",
  "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000016.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:dotsales",
      "@product": "Cybozu Dotsales",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:office",
      "@product": "Cybozu Office",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.8",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2010-000016",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN87730223/index.html",
      "@id": "JVN#87730223",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2029",
      "@id": "CVE-2010-2029",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2029",
      "@id": "CVE-2010-2029",
      "@source": "NVD"
    },
    {
      "#text": "http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html",
      "@id": "Security Alert for Vulnerability in Multiple Cybozu Products",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "http://secunia.com/advisories/39508",
      "@id": "SA39508",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/57976",
      "@id": "57976",
      "@source": "XF"
    },
    {
      "#text": "http://www.osvdb.org/63933",
      "@id": "63933",
      "@source": "OSVDB"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Multiple Cybozu products vulnerable to authentication bypass"
}

jvndb-2022-000054
Vulnerability from jvndb
Published
2022-07-20 17:28
Modified
2024-06-14 14:02
Severity ?
Summary
Multiple vulnerabilities in Cybozu Office
Details
Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. * [CyVDB-839][CyVDB-2300][CyVDB-3109] Browse restriction bypass vulnerability in Cabinet (CWE-284) - CVE-2022-32283 * [CyVDB-1795] Operation restriction bypass vulnerability in Project (CWE-285) - CVE-2022-32544 * [CyVDB-1800][CyVDB-2798][CyVDB-2927] Browse restriction bypass vulnerability in Custom App (CWE-284) - CVE-2022-29891 * [CyVDB-1849] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-33151 * [CyVDB-1851][CyVDB-1856][CyVDB-1873][CyVDB-1944][CyVDB-2173] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-28715 * [CyVDB-1859] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-30604 * [CyVDB-2030] HTTP header injection vulnerability (CWE-113) - CVE-2022-32453 * [CyVDB-2152][CyVDB-2153][CyVDB-2154][CyVDB-2155] Information disclosure vulnerability in the system configuration (CWE-200) - CVE-2022-30693 * [CyVDB-2693] Operation restriction bypass vulnerability in Scheduler (CWE-285) - CVE-2022-32583 * [CyVDB-2695][CyVDB-2819] Browse restriction bypass vulnerability in Scheduler (CWE-284) - CVE-2022-25986 * [CyVDB-2770] Browse restriction bypass vulnerability in Address Book (CWE-284) - CVE-2022-33311 * [CyVDB-2939] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-29487 CVE-2022-28715, CVE-2022-30604, CVE-2022-32453, CVE-2022-33151 Masato Kinugawa reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN. CVE-2022-29891, CVE-2022-32544, CVE-2022-32583 Yuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN. CVE-2022-30693 Kanta Nishitani of Ierae Security Inc. reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. CVE-2022-29487, CVE-2022-25986, CVE-2022-32283, CVE-2022-33311 Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.
References
JVN https://jvn.jp/en/jp/JVN20573662/index.html
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25986
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28715
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29487
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29891
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30604
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30693
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32283
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32453
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32544
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32583
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33151
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33311
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-25986
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-28715
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-29487
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-29891
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-30604
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-30693
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-32283
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-32453
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-32544
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-32583
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-33151
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-33311
Permissions(CWE-264) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Cross-site Scripting(CWE-79) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
No Mapping(CWE-Other) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Information Exposure(CWE-200) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000054.html",
  "dc:date": "2024-06-14T14:02+09:00",
  "dcterms:issued": "2022-07-20T17:28+09:00",
  "dcterms:modified": "2024-06-14T14:02+09:00",
  "description": "Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n\r\n* [CyVDB-839][CyVDB-2300][CyVDB-3109] Browse restriction bypass vulnerability in Cabinet (CWE-284) - CVE-2022-32283\r\n* [CyVDB-1795] Operation restriction bypass vulnerability in Project (CWE-285) - CVE-2022-32544\r\n* [CyVDB-1800][CyVDB-2798][CyVDB-2927] Browse restriction bypass vulnerability in Custom App (CWE-284) - CVE-2022-29891\r\n* [CyVDB-1849] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-33151\r\n* [CyVDB-1851][CyVDB-1856][CyVDB-1873][CyVDB-1944][CyVDB-2173] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-28715\r\n* [CyVDB-1859] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-30604\r\n* [CyVDB-2030] HTTP header injection vulnerability (CWE-113) - CVE-2022-32453\r\n* [CyVDB-2152][CyVDB-2153][CyVDB-2154][CyVDB-2155] Information disclosure vulnerability in the system configuration (CWE-200) - CVE-2022-30693\r\n* [CyVDB-2693] Operation restriction bypass vulnerability in Scheduler (CWE-285) - CVE-2022-32583\r\n* [CyVDB-2695][CyVDB-2819] Browse restriction bypass vulnerability in Scheduler (CWE-284) - CVE-2022-25986\r\n* [CyVDB-2770] Browse restriction bypass vulnerability in Address Book (CWE-284) - CVE-2022-33311\r\n* [CyVDB-2939] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-29487\r\n\r\nCVE-2022-28715, CVE-2022-30604, CVE-2022-32453, CVE-2022-33151\r\nMasato Kinugawa reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2022-29891, CVE-2022-32544, CVE-2022-32583\r\nYuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2022-30693\r\nKanta Nishitani of Ierae Security Inc. reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nCVE-2022-29487, CVE-2022-25986, CVE-2022-32283, CVE-2022-33311\r\nCybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000054.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "5.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2022-000054",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN20573662/index.html",
      "@id": "JVN#20573662",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25986",
      "@id": "CVE-2022-25986",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28715",
      "@id": "CVE-2022-28715",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29487",
      "@id": "CVE-2022-29487",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29891",
      "@id": "CVE-2022-29891",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30604",
      "@id": "CVE-2022-30604",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30693",
      "@id": "CVE-2022-30693",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32283",
      "@id": "CVE-2022-32283",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32453",
      "@id": "CVE-2022-32453",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32544",
      "@id": "CVE-2022-32544",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32583",
      "@id": "CVE-2022-32583",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33151",
      "@id": "CVE-2022-33151",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33311",
      "@id": "CVE-2022-33311",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-25986",
      "@id": "CVE-2022-25986",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-28715",
      "@id": "CVE-2022-28715",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29487",
      "@id": "CVE-2022-29487",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29891",
      "@id": "CVE-2022-29891",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-30604",
      "@id": "CVE-2022-30604",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-30693",
      "@id": "CVE-2022-30693",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-32283",
      "@id": "CVE-2022-32283",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-32453",
      "@id": "CVE-2022-32453",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-32544",
      "@id": "CVE-2022-32544",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-32583",
      "@id": "CVE-2022-32583",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-33151",
      "@id": "CVE-2022-33151",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-33311",
      "@id": "CVE-2022-33311",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    }
  ],
  "title": "Multiple vulnerabilities in Cybozu Office"
}

jvndb-2011-000045
Vulnerability from jvndb
Published
2011-06-24 19:18
Modified
2011-06-24 19:18
Severity ?
() - -
Summary
Multiple Cybozu products vulnerable to cross-site scripting
Details
Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability. Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the bulletin board system. Sen UENO of Tricorder Co. Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000045.html",
  "dc:date": "2011-06-24T19:18+09:00",
  "dcterms:issued": "2011-06-24T19:18+09:00",
  "dcterms:modified": "2011-06-24T19:18+09:00",
  "description": "Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability.\r\n\r\nMultiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the bulletin board system.\r\n\r\nSen UENO of Tricorder Co. Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000045.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:office",
      "@product": "Cybozu Office",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "3.5",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2011-000045",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN80877328/index.html",
      "@id": "JVN#80877328",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1333",
      "@id": "CVE-2011-1333",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1333",
      "@id": "CVE-2011-1333",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple Cybozu products vulnerable to cross-site scripting"
}

jvndb-2017-000065
Vulnerability from jvndb
Published
2017-04-11 16:05
Modified
2017-06-01 12:18
Severity ?
Summary
Cybozu Office fails to restrict access permission in the templates delete function in "customapp"
Details
Cybozu Office contains an access restriction flaw in the templates delete function in "customapp". Cybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000065.html",
  "dc:date": "2017-06-01T12:18+09:00",
  "dcterms:issued": "2017-04-11T16:05+09:00",
  "dcterms:modified": "2017-06-01T12:18+09:00",
  "description": "Cybozu Office contains an access restriction flaw in the templates delete function in \"customapp\".\r\n\r\nCybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000065.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "5.4",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000065",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN17535578/index.html",
      "@id": "JVN#17535578",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2116",
      "@id": "CVE-2017-2116",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2116",
      "@id": "CVE-2017-2116",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Cybozu Office fails to restrict access permission in the templates delete function in \"customapp\""
}

jvndb-2024-000079
Vulnerability from jvndb
Published
2024-08-06 14:59
Modified
2024-08-06 14:59
Severity ?
Summary
Cybozu Office vulnerable to bypass browsing restrictions in Custom App
Details
Cybozu Office provided by Cybozu, Inc. contains a vulnerability which allows to bypass browsing restrictions in Custom App (CWE-201). Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000079.html",
  "dc:date": "2024-08-06T14:59+09:00",
  "dcterms:issued": "2024-08-06T14:59+09:00",
  "dcterms:modified": "2024-08-06T14:59+09:00",
  "description": "Cybozu Office provided by Cybozu, Inc. contains a vulnerability which allows to bypass browsing restrictions in Custom App (CWE-201).\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000079.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-000079",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN29845579/index.html",
      "@id": "JVN#29845579",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-39817",
      "@id": "CVE-2024-39817",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    }
  ],
  "title": "Cybozu Office vulnerable to bypass browsing restrictions in Custom App"
}

jvndb-2011-000079
Vulnerability from jvndb
Published
2011-10-11 09:11
Modified
2011-11-28 16:48
Severity ?
() - -
Summary
Cybozu Office vulnerable in restricting access
Details
Cybozu Office contains a vulnerability in restricting access permissions. Cybozu Office is a groupware.Cybozu Office contains a vulnerability in restricting access permissions. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000079.html",
  "dc:date": "2011-11-28T16:48+09:00",
  "dcterms:issued": "2011-10-11T09:11+09:00",
  "dcterms:modified": "2011-11-28T16:48+09:00",
  "description": "Cybozu Office contains a vulnerability in restricting access permissions.\r\n\r\nCybozu Office is a groupware.Cybozu Office contains a vulnerability in restricting access permissions.\r\n\r\nMasako Ohno reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000079.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "4.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2011-000079",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN84838479/index.html",
      "@id": "JVN#84838479",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2677",
      "@id": "CVE-2011-2677",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2677",
      "@id": "CVE-2011-2677",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Cybozu Office vulnerable in restricting access"
}

jvndb-2016-000025
Vulnerability from jvndb
Published
2016-02-15 16:20
Modified
2016-02-23 16:32
Severity ?
Summary
Cybozu Office vulnerable to open redirect
Details
Cybozu Office contains an open redirect vulnerability in network functions.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000025.html",
  "dc:date": "2016-02-23T16:32+09:00",
  "dcterms:issued": "2016-02-15T16:20+09:00",
  "dcterms:modified": "2016-02-23T16:32+09:00",
  "description": "Cybozu Office contains an open redirect vulnerability in network functions.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000025.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "2.6",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.7",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000025",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN71428831/index.html",
      "@id": "JVN#71428831",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8483",
      "@id": "CVE-2015-8483",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8483",
      "@id": "CVE-2015-8483",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    }
  ],
  "title": "Cybozu Office vulnerable to open redirect"
}

jvndb-2016-000186
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:10
Severity ?
Summary
"Schedule" function in Cybozu Office vulnerable to cross-site scripting
Details
Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability. Kusano Kazuhiko reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000186.html",
  "dc:date": "2017-04-24T15:10+09:00",
  "dcterms:issued": "2016-10-03T15:43+09:00",
  "dcterms:modified": "2017-04-24T15:10+09:00",
  "description": "Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability.\r\n\r\nKusano Kazuhiko reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000186.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "5.4",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000186",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN06726266/index.html",
      "@id": "JVN#06726266",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4870",
      "@id": "CVE-2016-4870",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4870",
      "@id": "CVE-2016-4870",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "\"Schedule\" function in Cybozu Office vulnerable to cross-site scripting"
}

jvndb-2016-000188
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:10
Severity ?
Summary
Breadcrumb trail in Cybozu Office vulnerable vulnerable to browse restriction bypass
Details
Cybozu Office provided by Cybozu,Inc. contains a browse restriction bypass vulnerability in the breadcrumb trail. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000188.html",
  "dc:date": "2017-04-24T15:10+09:00",
  "dcterms:issued": "2016-10-03T15:43+09:00",
  "dcterms:modified": "2017-04-24T15:10+09:00",
  "description": "Cybozu Office provided by Cybozu,Inc. contains a browse restriction bypass vulnerability in the breadcrumb trail.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000188.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000188",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN07148816/index.html",
      "@id": "JVN#07148816",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4872",
      "@id": "CVE-2016-4872",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4872",
      "@id": "CVE-2016-4872",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Breadcrumb trail in Cybozu Office vulnerable vulnerable to browse restriction bypass"
}

jvndb-2016-000191
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:05
Severity ?
Summary
Cybozu Office vulnerable to information disclosure
Details
Cybozu Office contains an information disclosure vulnerability in the page where CGI environment variables are displayed. Cookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained in the page where CGI environment variables are displayed. Therefore, session information may be disclosed if the contents of this page is read in some way. Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000191.html",
  "dc:date": "2017-04-24T15:05+09:00",
  "dcterms:issued": "2016-10-03T15:43+09:00",
  "dcterms:modified": "2017-04-24T15:05+09:00",
  "description": "Cybozu Office contains an information disclosure vulnerability in the page where CGI environment variables are displayed.\r\n\r\nCookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code.  However, Cookie values can be obtained in the page where CGI environment variables are displayed.  Therefore, session information may be disclosed if the contents of this page is read in some way.\r\n\r\nMasato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000191.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "2.6",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "6.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000191",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN09736331/index.html",
      "@id": "JVN#09736331",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4869",
      "@id": "CVE-2016-4869",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4869",
      "@id": "CVE-2016-4869",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    }
  ],
  "title": "Cybozu Office vulnerable to information disclosure"
}

jvndb-2013-000069
Vulnerability from jvndb
Published
2013-07-16 12:27
Modified
2013-07-23 19:09
Severity ?
() - -
Summary
Cybozu Office session management vulnerability
Details
Cybozu Office is a groupware. Cybozu Office contains a vulnerability in session management. Ooi Keita reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000069.html",
  "dc:date": "2013-07-23T19:09+09:00",
  "dcterms:issued": "2013-07-16T12:27+09:00",
  "dcterms:modified": "2013-07-23T19:09+09:00",
  "description": "Cybozu Office is a groupware. Cybozu Office contains a vulnerability in session management.\r\n\r\nOoi Keita reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000069.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "4.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2013-000069",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN19491840/index.html",
      "@id": "JVN#19491840",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3656",
      "@id": "CVE-2013-3656",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3656",
      "@id": "CVE-2013-3656",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-287",
      "@title": "Improper Authentication(CWE-287)"
    }
  ],
  "title": "Cybozu Office session management vulnerability"
}

jvndb-2006-000649
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
Cybozu Office 6 information disclosure vulnerability
Details
A vulnerability exists in Cybozu Office 6 allowing the disclosure of registered users or groups information. Cybozu Office 6 provides several login methods. One of the methods, meant to be used in the Internet, allows direct entry of a username. However, even when this method is used, information of registered users and groups could be obtained by an attacker.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000649.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "A vulnerability exists in Cybozu Office 6 allowing the disclosure of registered users or groups information.\r\n\r\nCybozu Office 6 provides several login methods. One of the methods, meant to be used in the Internet, allows direct entry of a username. However, even when this method is used, information of registered users and groups could be obtained by an attacker.",
  "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000649.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:ag_pocket",
      "@product": "Cybozu AG Pocket",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:cybozu_ag",
      "@product": "Cybozu AG",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:office",
      "@product": "Cybozu Office",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:share360",
      "@product": "Cybozu Share360",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2006-000649",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN31125599/index.html",
      "@id": "JVN#31125599",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4492",
      "@id": "CVE-2006-4492",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4492",
      "@id": "CVE-2006-4492",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/21623",
      "@id": "SA21623",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.osvdb.org/28263",
      "@id": "28263",
      "@source": "OSVDB"
    }
  ],
  "title": "Cybozu Office 6 information disclosure vulnerability"
}

jvndb-2016-000020
Vulnerability from jvndb
Published
2016-02-15 15:43
Modified
2016-02-23 16:32
Severity ?
Summary
Cybozu Office vulnerable to denial-of-service (DoS)
Details
Cybozu Office contains a denial-of-service (DoS) vulnerability due to an issue in "customapp".
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000020.html",
  "dc:date": "2016-02-23T16:32+09:00",
  "dcterms:issued": "2016-02-15T15:43+09:00",
  "dcterms:modified": "2016-02-23T16:32+09:00",
  "description": "Cybozu Office contains a denial-of-service (DoS) vulnerability due to an issue in \"customapp\".",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000020.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
      "@version": "2.0"
    },
    {
      "@score": "6.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000020",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN20246313/index.html",
      "@id": "JVN#20246313",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8489",
      "@id": "CVE-2015-8489",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1153",
      "@id": "CVE-2016-1153",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8489",
      "@id": "CVE-2015-8489",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1153",
      "@id": "CVE-2016-1153",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    }
  ],
  "title": "Cybozu Office vulnerable to denial-of-service (DoS)"
}

jvndb-2018-000120
Vulnerability from jvndb
Published
2018-11-14 15:38
Modified
2019-08-27 12:28
Severity ?
Summary
Multiple directory traversal vulnerabilities in Cybozu Office
Details
Cybozu Office provided by Cybozu, Inc. contains multiple directory traversal vulnerabilities below. * Directory traversal vulnerability due to a flaw in processing parameter of the HTTP request (CWE-22) - CVE-2018-0703 * Directory traversal vulnerability due to a flaw in processing parameter when logging out Keitai Screen (CWE-22) - CVE-2018-0704 Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000120.html",
  "dc:date": "2019-08-27T12:28+09:00",
  "dcterms:issued": "2018-11-14T15:38+09:00",
  "dcterms:modified": "2019-08-27T12:28+09:00",
  "description": "Cybozu Office provided by Cybozu, Inc. contains multiple directory traversal vulnerabilities below.\r\n* Directory traversal vulnerability due to a flaw in processing parameter of the HTTP request (CWE-22) - CVE-2018-0703\r\n* Directory traversal vulnerability due to a flaw in processing parameter when logging out Keitai Screen (CWE-22) - CVE-2018-0704\r\n\r\nYuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000120.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
      "@version": "2.0"
    },
    {
      "@score": "8.6",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000120",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN15232217/index.html",
      "@id": "JVN#15232217",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0703",
      "@id": "CVE-2018-0703",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0704",
      "@id": "CVE-2018-0704",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0703",
      "@id": "CVE-2018-0703",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0704",
      "@id": "CVE-2018-0704",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    }
  ],
  "title": "Multiple directory traversal vulnerabilities in Cybozu Office"
}

jvndb-2011-000047
Vulnerability from jvndb
Published
2011-06-24 19:23
Modified
2011-06-24 19:23
Severity ?
() - -
Summary
Cybozu Office vulnerable to cross-site scripting
Details
Cybozu Office contains a cross-site scripting vulnerability. Cybozu Office is a groupware. Cybozu Office contains a cross-site scripting vulnerability due to issues contained in the address book and user list functions. NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000047.html",
  "dc:date": "2011-06-24T19:23+09:00",
  "dcterms:issued": "2011-06-24T19:23+09:00",
  "dcterms:modified": "2011-06-24T19:23+09:00",
  "description": "Cybozu Office contains a cross-site scripting vulnerability.\r\n\r\nCybozu Office is a groupware. Cybozu Office contains a cross-site scripting vulnerability due to issues contained in the address book and user list functions.\r\n\r\nNetAgent Co.,Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000047.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "4.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2011-000047",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN55508059",
      "@id": "JVN#55508059",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1335",
      "@id": "CVE-2011-1335",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1335",
      "@id": "CVE-2011-1335",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/44992",
      "@id": "SA44992 ",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://secunia.com/advisories/45050",
      "@id": "SA45050 ",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/48446",
      "@id": "48446",
      "@source": "BID"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Cybozu Office vulnerable to cross-site scripting"
}

jvndb-2017-000064
Vulnerability from jvndb
Published
2017-04-11 16:05
Modified
2017-06-01 11:30
Severity ?
Summary
Cybozu Office fails to restrict access permission in the file export function in "customapp"
Details
Cybozu Office contains an access restriction flaw in the file export function in "customapp". Cybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000064.html",
  "dc:date": "2017-06-01T11:30+09:00",
  "dcterms:issued": "2017-04-11T16:05+09:00",
  "dcterms:modified": "2017-06-01T11:30+09:00",
  "description": "Cybozu Office contains an access restriction flaw in the file export function in \"customapp\".\r\n\r\nCybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000064.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000064",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN17535578/index.html",
      "@id": "JVN#17535578",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2115",
      "@id": "CVE-2017-2115",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2115",
      "@id": "CVE-2017-2115",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Cybozu Office fails to restrict access permission in the file export function in \"customapp\""
}

jvndb-2016-000184
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:05
Severity ?
Summary
"Customapp" function in Cybozu Office vulnerable to cross-site scripting
Details
Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html",
  "dc:date": "2017-04-24T15:05+09:00",
  "dcterms:issued": "2016-10-03T15:43+09:00",
  "dcterms:modified": "2017-04-24T15:05+09:00",
  "description": "Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000184",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN06726266/index.html",
      "@id": "JVN#06726266",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4865",
      "@id": "CVE-2016-4865",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4865",
      "@id": "CVE-2016-4865",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "\"Customapp\" function in Cybozu Office vulnerable to cross-site scripting"
}

jvndb-2006-000650
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
Cybozu products vulnerable to directory traversal
Details
Multiple Cybozu products contain a directory traversal vulnerability.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000650.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Multiple Cybozu products contain a directory traversal vulnerability.",
  "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000650.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:office",
      "@product": "Cybozu Office",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:share360",
      "@product": "Cybozu Share360",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2006-000650",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN90420168/index.html",
      "@id": "JVN#90420168",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4490",
      "@id": "CVE-2006-4490",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4490",
      "@id": "CVE-2006-4490",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/21623",
      "@id": "SA21623",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/28591",
      "@id": "28591",
      "@source": "XF"
    },
    {
      "#text": "http://securitytracker.com/id?1016759",
      "@id": "1016759",
      "@source": "SECTRACK"
    },
    {
      "#text": "http://osvdb.org/displayvuln.php?osvdb_id=28261",
      "@id": "28261",
      "@source": "OSVDB"
    },
    {
      "#text": "http://osvdb.org/displayvuln.php?osvdb_id=28262",
      "@id": "28262",
      "@source": "OSVDB"
    }
  ],
  "title": "Cybozu products vulnerable to directory traversal"
}

jvndb-2016-000024
Vulnerability from jvndb
Published
2016-02-15 16:20
Modified
2016-02-23 16:32
Severity ?
Summary
Cybozu Office vulnerable to cross-site request forgery
Details
Cybozu Office contains a cross-site request forgery vulnerability (CWE-352) in multiple functions.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000024.html",
  "dc:date": "2016-02-23T16:32+09:00",
  "dcterms:issued": "2016-02-15T16:20+09:00",
  "dcterms:modified": "2016-02-23T16:32+09:00",
  "description": "Cybozu Office contains a cross-site request forgery vulnerability (CWE-352) in multiple functions.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000024.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "2.6",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000024",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN64209269/index.html",
      "@id": "JVN#64209269",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1151",
      "@id": "CVE-2016-1151",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1151",
      "@id": "CVE-2016-1151",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-352",
      "@title": "Cross-Site Request Forgery(CWE-352)"
    }
  ],
  "title": "Cybozu Office vulnerable to cross-site request forgery"
}

jvndb-2016-000185
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:05
Severity ?
Summary
"Project" function in Cybozu Office vulnerable to cross-site scripting
Details
Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability. Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000185.html",
  "dc:date": "2017-04-24T15:05+09:00",
  "dcterms:issued": "2016-10-03T15:43+09:00",
  "dcterms:modified": "2017-04-24T15:05+09:00",
  "description": "Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability.\r\n\r\nYuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000185.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000185",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN06726266/index.html",
      "@id": "JVN#06726266",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4866",
      "@id": "CVE-2016-4866",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4866",
      "@id": "CVE-2016-4866",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "\"Project\" function in Cybozu Office vulnerable to cross-site scripting"
}

jvndb-2011-000046
Vulnerability from jvndb
Published
2011-06-24 19:21
Modified
2011-06-24 19:21
Severity ?
() - -
Summary
Multiple Cybozu products vulnerable to cross-site scripting
Details
Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability. Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the mail system. Sen UENO of Tricorder Co. Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000046.html",
  "dc:date": "2011-06-24T19:21+09:00",
  "dcterms:issued": "2011-06-24T19:21+09:00",
  "dcterms:modified": "2011-06-24T19:21+09:00",
  "description": "Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability.\r\n\r\nMultiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the mail system.\r\n\r\nSen UENO of Tricorder Co. Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000046.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:collaborex",
      "@product": "Cybozu Collaborex",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:dezie",
      "@product": "Cybozu Dezie",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:mailwise",
      "@product": "Cybozu Mailwise",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:office",
      "@product": "Cybozu Office",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2011-000046",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN54074460",
      "@id": "JVN#54074460",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1334",
      "@id": "CVE-2011-1334",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1334",
      "@id": "CVE-2011-1334",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple Cybozu products vulnerable to cross-site scripting"
}

jvndb-2013-000082
Vulnerability from jvndb
Published
2013-09-10 13:56
Modified
2013-09-11 13:34
Severity ?
() - -
Summary
Cybozu Office vulnerable to cross-site scripting
Details
Cybozu Office is a groupware. Cybozu Office contains a cross-site scripting vulnerability in the function to customize the top page. Motoki Nishio of VALTES CO.,LTD. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000082.html",
  "dc:date": "2013-09-11T13:34+09:00",
  "dcterms:issued": "2013-09-10T13:56+09:00",
  "dcterms:modified": "2013-09-11T13:34+09:00",
  "description": "Cybozu Office is a groupware. Cybozu Office contains a cross-site scripting vulnerability in the function to customize the top page.\r\n\r\n\r\nMotoki Nishio of VALTES CO.,LTD. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000082.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2013-000082",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN53014207/",
      "@id": "JVN#53014207",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4703",
      "@id": "CVE-2013-4703",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4703",
      "@id": "CVE-2013-4703",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Cybozu Office vulnerable to cross-site scripting"
}

jvndb-2014-000130
Vulnerability from jvndb
Published
2014-11-11 13:36
Modified
2014-11-25 17:52
Severity ?
() - -
Summary
Multiple Cybozu products vulnerable to buffer overflow
Details
Multiple products provided by Cybozu, Inc. contain a buffer overflow vulnerability (CWE-119). Masaaki Chida of GREE, Inc. reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000130.html",
  "dc:date": "2014-11-25T17:52+09:00",
  "dcterms:issued": "2014-11-11T13:36+09:00",
  "dcterms:modified": "2014-11-25T17:52+09:00",
  "description": "Multiple products provided by Cybozu, Inc. contain a buffer overflow vulnerability (CWE-119).\r\n\r\nMasaaki Chida of GREE, Inc. reported this vulnerability to the developer.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000130.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:dezie",
      "@product": "Cybozu Dezie",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:mailwise",
      "@product": "Cybozu Mailwise",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:office",
      "@product": "Cybozu Office",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "9.0",
    "@severity": "High",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2014-000130",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN14691234/index.html",
      "@id": "JVN#14691234",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5314",
      "@id": "CVE-2014-5314",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5314",
      "@id": "CVE-2014-5314",
      "@source": "NVD"
    },
    {
      "#text": "http://www.ipa.go.jp/security/ciadr/vul/20141111-jvn.html",
      "@id": "Security Alert for Multiple Cybozu products vulnerable to buffer overflow (JVN#14691234)",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-119",
      "@title": "Buffer Errors(CWE-119)"
    }
  ],
  "title": "Multiple Cybozu products vulnerable to buffer overflow"
}

jvndb-2013-000034
Vulnerability from jvndb
Published
2013-04-15 17:08
Modified
2013-06-25 18:36
Severity ?
() - -
Summary
Multiple Cybozu products vulnerable to cross-site request forgery
Details
Multiple Cybozu products contain a cross-site request forgery vulnerability.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000034.html",
  "dc:date": "2013-06-25T18:36+09:00",
  "dcterms:issued": "2013-04-15T17:08+09:00",
  "dcterms:modified": "2013-06-25T18:36+09:00",
  "description": "Multiple Cybozu products contain a cross-site request forgery vulnerability.",
  "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000034.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:dezie",
      "@product": "Cybozu Dezie",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:mailwise",
      "@product": "Cybozu Mailwise",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:office",
      "@product": "Cybozu Office",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2013-000034",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN06251813/index.html",
      "@id": "JVN#06251813",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2305",
      "@id": "CVE-2013-2305",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2305",
      "@id": "CVE-2013-2305",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-352",
      "@title": "Cross-Site Request Forgery(CWE-352)"
    }
  ],
  "title": "Multiple Cybozu products vulnerable to cross-site request forgery"
}

jvndb-2016-000187
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:05
Severity ?
Summary
"Project" function in Cybozu Office vulnerable vulnerable to access restriction bypass
Details
Cybozu Office provided by Cybozu,Inc. contains an access restriction bypass vulnerability in the "Project" function. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000187.html",
  "dc:date": "2017-04-24T15:05+09:00",
  "dcterms:issued": "2016-10-03T15:43+09:00",
  "dcterms:modified": "2017-04-24T15:05+09:00",
  "description": "Cybozu Office provided by Cybozu,Inc. contains an access restriction bypass vulnerability in the \"Project\" function.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000187.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000187",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN07148816/index.html",
      "@id": "JVN#07148816",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4867",
      "@id": "CVE-2016-4867",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4867",
      "@id": "CVE-2016-4867",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "\"Project\" function in Cybozu Office vulnerable vulnerable to access restriction bypass"
}

jvndb-2009-000067
Vulnerability from jvndb
Published
2009-10-15 15:21
Modified
2009-10-15 15:21
Severity ?
() - -
Summary
Multiple Cybozu products vulnerable to cross-site scripting
Details
Multiple Cybozu products are vulnerable to cross-site scripting. Multiple products (groupware etc.) provided by Cybozu, Inc. contain a cross-site scripting vulnerablility. This vulnerability is different from JVN#50342989, and JVN#90712589. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000067.html",
  "dc:date": "2009-10-15T15:21+09:00",
  "dcterms:issued": "2009-10-15T15:21+09:00",
  "dcterms:modified": "2009-10-15T15:21+09:00",
  "description": "Multiple Cybozu products are vulnerable to cross-site scripting.\r\n\r\nMultiple products (groupware etc.) provided by Cybozu, Inc. contain a cross-site scripting vulnerablility.\r\n\r\nThis vulnerability is different from JVN#50342989, and JVN#90712589.\r\n\r\nTakeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000067.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:dezie",
      "@product": "Cybozu Dezie",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:mailwise",
      "@product": "Cybozu Mailwise",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:office",
      "@product": "Cybozu Office",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2009-000067",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN23108985/index.html",
      "@id": "JVN#23108985",
      "@source": "JVN"
    },
    {
      "#text": "http://secunia.com/advisories/37011/",
      "@id": "SA37011",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/36704",
      "@id": "36704",
      "@source": "BID"
    },
    {
      "#text": "http://www.vupen.com/english/advisories/2009/2918",
      "@id": "VUPEN/ADV-2009-2918",
      "@source": "VUPEN"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple Cybozu products vulnerable to cross-site scripting"
}

jvndb-2016-000189
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:10
Severity ?
Summary
"Project" function in Cybozu Office vulnerable vulnerable to operation restriction bypass
Details
Cybozu Office provided by Cybozu,Inc. contains an operation restriction bypass vulnerability in the "Project" function. Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000189.html",
  "dc:date": "2017-04-24T15:10+09:00",
  "dcterms:issued": "2016-10-03T15:43+09:00",
  "dcterms:modified": "2017-04-24T15:10+09:00",
  "description": "Cybozu Office provided by Cybozu,Inc. contains an operation restriction bypass vulnerability in the \"Project\" function.\r\n\r\nYuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000189.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000189",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN07148816/index.html",
      "@id": "JVN#07148816",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4873",
      "@id": "CVE-2016-4873",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4873",
      "@id": "CVE-2016-4873",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "\"Project\" function in Cybozu Office vulnerable vulnerable to operation restriction bypass"
}

jvndb-2005-000757
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
Cybozu Office browser script execution vulnerability
Details
The HTML-mail compliant web mail function of Cybozu Office contains a vulnerability that may allow an attacker to execute browser script.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000757.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "The HTML-mail compliant web mail function of Cybozu Office contains a vulnerability that may allow an attacker to execute browser script.",
  "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000757.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "5.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2005-000757",
  "sec:references": {
    "#text": "http://jvn.jp/en/jp/JVN8F8B1C85/index.html",
    "@id": "JVN#8F8B1C85",
    "@source": "JVN"
  },
  "title": "Cybozu Office browser script execution vulnerability"
}

jvndb-2016-000193
Vulnerability from jvndb
Published
2016-10-03 15:47
Modified
2017-04-24 15:10
Severity ?
Summary
Cybozu Office vulnerable to Reflected File Download (RFD)
Details
Cybozu Office contains a Reflected File Download (RFD) vulnerability. Jun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000193.html",
  "dc:date": "2017-04-24T15:10+09:00",
  "dcterms:issued": "2016-10-03T15:47+09:00",
  "dcterms:modified": "2017-04-24T15:10+09:00",
  "description": "Cybozu Office contains a Reflected File Download (RFD) vulnerability.\r\n\r\nJun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000193.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "3.5",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "3.5",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000193",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN11288252/index.html",
      "@id": "JVN#11288252",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4874",
      "@id": "CVE-2016-4874",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4874",
      "@id": "CVE-2016-4874",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Cybozu Office vulnerable to Reflected File Download (RFD)"
}

jvndb-2016-000021
Vulnerability from jvndb
Published
2016-02-15 15:44
Modified
2016-02-23 16:32
Severity ?
Summary
Cybozu Office vulnerable to information disclosure
Details
Cybozu Office contains an information disclosure vulnerability in the mail function. Note that this vulnerability is different from JVN#47296923.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000021.html",
  "dc:date": "2016-02-23T16:32+09:00",
  "dcterms:issued": "2016-02-15T15:44+09:00",
  "dcterms:modified": "2016-02-23T16:32+09:00",
  "description": "Cybozu Office contains an information disclosure vulnerability in the mail function.\r\n\r\nNote that this vulnerability is different from JVN#47296923.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000021.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000021",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN28042424/index.html",
      "@id": "JVN#28042424",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8488",
      "@id": "CVE-2015-8488",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8488",
      "@id": "CVE-2015-8488",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Cybozu Office vulnerable to information disclosure"
}

jvndb-2021-000022
Vulnerability from jvndb
Published
2021-03-15 15:56
Modified
2021-12-17 17:51
Severity ?
Summary
Multiple vulnerabilities in Cybozu Office
Details
Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. *[CyVDB-1657] Operational restrictions bypass vulnerability in Scheduler (CWE-264) - CVE-2021-20624 *[CyVDB-1727] Operational restrictions bypass vulnerability in Bulletin Board (CWE-264) - CVE-2021-20625 *[CyVDB-1895][CyVDB-2658] Operational restrictions bypass vulnerability in Workflow (CWE-264) - CVE-2021-20626 *[CyVDB-1899] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20627 *[CyVDB-1924] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20628 *[CyVDB-2014] Cross-site scripting vulnerability in E-mail (CWE-79) - CVE-2021-20629 *[CyVDB-2018] Viewing restrictions bypass vulnerability in Phone Messages (CWE-264) - CVE-2021-20630 *[CyVDB-2063] Improper input validation vulnerability in Custom App (CWE-20) - CVE-2021-20631 *[CyVDB-2263] Viewing restrictions bypass vulnerability in Bulletin Board (CWE-264) - CVE-2021-20632 *[CyVDB-2310] Viewing restrictions bypass vulnerability in Cabinet (CWE-264) - CVE-2021-20633 *[CyVDB-2764] Viewing restrictions bypass vulnerability in Custom App (CWE-264) - CVE-2021-20634 *[CyVDB-1900] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20849 CVE-2021-20624, CVE-2021-20625 and CVE-2021-20629 Yuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN. CVE-2021-20627, CVE-2021-20628 and CVE-2021-20849 Kanta Nishitani of Ierae Security Inc. reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN. CVE-2021-20630 and CVE-2021-20631 Shuichi Uruma reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN. CVE-2021-20626, CVE-2021-20632, CVE-2021-20633 and CVE-2021-20634 Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.
References
JVN https://jvn.jp/en/jp/JVN45797538/index.html
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20624
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20625
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20626
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20627
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20628
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20629
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20630
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20631
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20632
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20633
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20634
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20849
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20624
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20625
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20626
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20627
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20628
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20629
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20630
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20631
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20632
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20633
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20634
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20849
Improper Input Validation(CWE-20) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Permissions(CWE-264) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Cross-site Scripting(CWE-79) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000022.html",
  "dc:date": "2021-12-17T17:51+09:00",
  "dcterms:issued": "2021-03-15T15:56+09:00",
  "dcterms:modified": "2021-12-17T17:51+09:00",
  "description": "Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n\r\n*[CyVDB-1657] Operational restrictions bypass vulnerability in Scheduler (CWE-264) - CVE-2021-20624\r\n*[CyVDB-1727] Operational restrictions bypass vulnerability in Bulletin Board (CWE-264) - CVE-2021-20625\r\n*[CyVDB-1895][CyVDB-2658] Operational restrictions bypass vulnerability in Workflow (CWE-264) - CVE-2021-20626\r\n*[CyVDB-1899] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20627\r\n*[CyVDB-1924] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20628\r\n*[CyVDB-2014] Cross-site scripting vulnerability in E-mail (CWE-79) - CVE-2021-20629\r\n*[CyVDB-2018] Viewing restrictions bypass vulnerability in Phone Messages (CWE-264) - CVE-2021-20630\r\n*[CyVDB-2063] Improper input validation vulnerability in Custom App (CWE-20) - CVE-2021-20631\r\n*[CyVDB-2263] Viewing restrictions bypass vulnerability in Bulletin Board (CWE-264) - CVE-2021-20632\r\n*[CyVDB-2310] Viewing restrictions bypass vulnerability in Cabinet (CWE-264) - CVE-2021-20633\r\n*[CyVDB-2764] Viewing restrictions bypass vulnerability in Custom App (CWE-264) - CVE-2021-20634\r\n*[CyVDB-1900] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20849\r\n\r\nCVE-2021-20624, CVE-2021-20625 and CVE-2021-20629\r\nYuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20627, CVE-2021-20628 and CVE-2021-20849\r\nKanta Nishitani of Ierae Security Inc. reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20630 and CVE-2021-20631\r\nShuichi Uruma reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20626, CVE-2021-20632, CVE-2021-20633 and CVE-2021-20634\r\nCybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000022.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-000022",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN45797538/index.html",
      "@id": "JVN#45797538",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20624",
      "@id": "CVE-2021-20624",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20625",
      "@id": "CVE-2021-20625",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20626",
      "@id": "CVE-2021-20626",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20627",
      "@id": "CVE-2021-20627",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20628",
      "@id": "CVE-2021-20628",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20629",
      "@id": "CVE-2021-20629",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20630",
      "@id": "CVE-2021-20630",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20631",
      "@id": "CVE-2021-20631",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20632",
      "@id": "CVE-2021-20632",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20633",
      "@id": "CVE-2021-20633",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20634",
      "@id": "CVE-2021-20634",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20849",
      "@id": "CVE-2021-20849",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20624",
      "@id": "CVE-2021-20624",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20625",
      "@id": "CVE-2021-20625",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20626",
      "@id": "CVE-2021-20626",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20627",
      "@id": "CVE-2021-20627",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20628",
      "@id": "CVE-2021-20628",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20629",
      "@id": "CVE-2021-20629",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20630",
      "@id": "CVE-2021-20630",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20631",
      "@id": "CVE-2021-20631",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20632",
      "@id": "CVE-2021-20632",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20633",
      "@id": "CVE-2021-20633",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20634",
      "@id": "CVE-2021-20634",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20849",
      "@id": "CVE-2021-20849",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple vulnerabilities in Cybozu Office"
}

jvndb-2016-000023
Vulnerability from jvndb
Published
2016-02-15 15:45
Modified
2016-02-23 16:32
Severity ?
Summary
Cybozu Office access restriction bypass vulnerability
Details
Cybozu Office contains an access restriction bypass vulnerability in multiple functions.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000023.html",
  "dc:date": "2016-02-23T16:32+09:00",
  "dcterms:issued": "2016-02-15T15:45+09:00",
  "dcterms:modified": "2016-02-23T16:32+09:00",
  "description": "Cybozu Office contains an access restriction bypass vulnerability in multiple functions.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000023.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
      "@version": "2.0"
    },
    {
      "@score": "5.4",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000023",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN48720230/index.html",
      "@id": "JVN#48720230",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8484",
      "@id": "CVE-2015-8484",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8485",
      "@id": "CVE-2015-8485",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8486",
      "@id": "CVE-2015-8486",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1152",
      "@id": "CVE-2016-1152",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8484",
      "@id": "CVE-2015-8484",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8485",
      "@id": "CVE-2015-8485",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8486",
      "@id": "CVE-2015-8486",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1152",
      "@id": "CVE-2016-1152",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Cybozu Office access restriction bypass vulnerability"
}

jvndb-2019-000076
Vulnerability from jvndb
Published
2019-12-17 13:55
Modified
2019-12-17 13:55
Severity ?
Summary
Multiple vulnerabilities in Cybozu Office
Details
Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. * Directory traversal in the "Customapp" function (CWE-22) - CVE-2019-6022 * Browse restriction bypass in the application "Address" (CWE-284) - CVE-2019-6023 Two vulnerabilities were reported by the following persons to Cybozu, Inc. directly, and Cybozu Inc. reported the vulnerabilities to JPCERT/CC to notify users of the solution through JVN. CVE-2019-6022 by Shoji Baba CVE-2019-6023 by Tanghaifeng
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000076.html",
  "dc:date": "2019-12-17T13:55+09:00",
  "dcterms:issued": "2019-12-17T13:55+09:00",
  "dcterms:modified": "2019-12-17T13:55+09:00",
  "description": "Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. \r\n* Directory traversal in the \"Customapp\" function (CWE-22) - CVE-2019-6022 \r\n\r\n* Browse restriction bypass in the application \"Address\" (CWE-284) - CVE-2019-6023 \r\n\r\nTwo vulnerabilities were reported by the following persons to Cybozu, Inc. directly, and Cybozu Inc. reported the vulnerabilities to JPCERT/CC to notify users of the solution through JVN.\r\n\r\n CVE-2019-6022 by Shoji Baba\r\n CVE-2019-6023 by Tanghaifeng",
  "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000076.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:office",
      "@product": "Cybozu Office",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:office",
      "@product": "Cybozu Office",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "7.7",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2019-000076",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN79854355/index.html",
      "@id": "JVN#79854355",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6022",
      "@id": "CVE-2019-6022",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6023",
      "@id": "CVE-2019-6023",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6022",
      "@id": "CVE-2019-6022",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6023",
      "@id": "CVE-2019-6023",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Multiple vulnerabilities in Cybozu Office"
}

jvndb-2016-000026
Vulnerability from jvndb
Published
2016-02-15 16:21
Modified
2016-06-06 15:00
Severity ?
Summary
Cybozu Office vulnerable to cross-site scripting
Details
Cybozu Office contains a cross-site scripting vulnerability (CWE-79) in multiple functions. Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000026.html",
  "dc:date": "2016-06-06T15:00+09:00",
  "dcterms:issued": "2016-02-15T16:21+09:00",
  "dcterms:modified": "2016-06-06T15:00+09:00",
  "description": "Cybozu Office contains a cross-site scripting vulnerability (CWE-79) in multiple functions.\r\n\r\nMasato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000026.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "6.1",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000026",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN69278491/index.html",
      "@id": "JVN#69278491",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7795",
      "@id": "CVE-2015-7795",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7796",
      "@id": "CVE-2015-7796",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7797",
      "@id": "CVE-2015-7797",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7798",
      "@id": "CVE-2015-7798",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1149",
      "@id": "CVE-2016-1149",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1150",
      "@id": "CVE-2016-1150",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7795",
      "@id": "CVE-2015-7795",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7796",
      "@id": "CVE-2015-7796",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7797",
      "@id": "CVE-2015-7797",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7798",
      "@id": "CVE-2015-7798",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1149",
      "@id": "CVE-2016-1149",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1150",
      "@id": "CVE-2016-1150",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Cybozu Office vulnerable to cross-site scripting"
}

cve-2018-0565
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
http://jvn.jp/en/jp/JVN51737843/index.htmlthird-party-advisory, x_refsource_JVN
https://support.cybozu.com/ja-jp/article/10200x_refsource_CONFIRM
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.189Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#51737843",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/10200"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.0"
            }
          ]
        }
      ],
      "datePublic": "2018-06-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-26T13:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#51737843",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/10200"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0565",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#51737843",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
            },
            {
              "name": "https://support.cybozu.com/ja-jp/article/10200",
              "refsource": "CONFIRM",
              "url": "https://support.cybozu.com/ja-jp/article/10200"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0565",
    "datePublished": "2018-06-26T14:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-08-05T03:28:11.189Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0566
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
Summary
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors.
References
https://support.cybozu.com/ja-jp/article/10195x_refsource_CONFIRM
http://jvn.jp/en/jp/JVN51737843/index.htmlthird-party-advisory, x_refsource_JVN
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.216Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/10195"
          },
          {
            "name": "JVN#51737843",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.0"
            }
          ]
        }
      ],
      "datePublic": "2018-06-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authentication bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-26T13:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/10195"
        },
        {
          "name": "JVN#51737843",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0566",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Authentication bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.cybozu.com/ja-jp/article/10195",
              "refsource": "CONFIRM",
              "url": "https://support.cybozu.com/ja-jp/article/10195"
            },
            {
              "name": "JVN#51737843",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0566",
    "datePublished": "2018-06-26T14:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-08-05T03:28:11.216Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0528
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
Summary
Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.
References
https://support.cybozu.com/ja-jp/article/9812x_refsource_CONFIRM
http://jvn.jp/en/jp/JVN51737843/index.htmlthird-party-advisory, x_refsource_JVN
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.059Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/9812"
          },
          {
            "name": "JVN#51737843",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.7.0"
            }
          ]
        }
      ],
      "datePublic": "2018-06-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authentication bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-26T13:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/9812"
        },
        {
          "name": "JVN#51737843",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0528",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Authentication bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.cybozu.com/ja-jp/article/9812",
              "refsource": "CONFIRM",
              "url": "https://support.cybozu.com/ja-jp/article/9812"
            },
            {
              "name": "JVN#51737843",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0528",
    "datePublished": "2018-06-26T14:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-08-05T03:28:11.059Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-29891
Vulnerability from cvelistv5
Published
2022-08-18 07:11
Modified
2024-08-03 06:33
Severity ?
Summary
Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:33:43.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cs.cybozu.co.jp/2022/007584.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-18T07:11:37",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cs.cybozu.co.jp/2022/007584.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-29891",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cs.cybozu.co.jp/2022/007584.html",
              "refsource": "MISC",
              "url": "https://cs.cybozu.co.jp/2022/007584.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN20573662/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-29891",
    "datePublished": "2022-08-18T07:11:37",
    "dateReserved": "2022-06-17T00:00:00",
    "dateUpdated": "2024-08-03T06:33:43.067Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20629
Vulnerability from cvelistv5
Published
2021-03-18 00:56
Modified
2024-08-03 17:45
Severity ?
Summary
Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:45.027Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/36867/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-18T00:55:59",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/36867/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20629",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN45797538/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/36867/",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/36867/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20629",
    "datePublished": "2021-03-18T00:56:00",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:45.027Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-25986
Vulnerability from cvelistv5
Published
2022-08-18 07:10
Modified
2024-08-03 04:56
Severity ?
Summary
Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:56:36.890Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cs.cybozu.co.jp/2022/007584.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-18T07:10:27",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cs.cybozu.co.jp/2022/007584.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-25986",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cs.cybozu.co.jp/2022/007584.html",
              "refsource": "MISC",
              "url": "https://cs.cybozu.co.jp/2022/007584.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN20573662/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-25986",
    "datePublished": "2022-08-18T07:10:27",
    "dateReserved": "2022-06-17T00:00:00",
    "dateUpdated": "2024-08-03T04:56:36.890Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20627
Vulnerability from cvelistv5
Published
2021-03-18 00:55
Modified
2024-08-03 17:45
Severity ?
Summary
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:45.334Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/36873/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-18T00:55:58",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/36873/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20627",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN45797538/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/36873/",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/36873/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20627",
    "datePublished": "2021-03-18T00:55:58",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:45.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20630
Vulnerability from cvelistv5
Published
2021-03-18 00:56
Modified
2024-08-03 17:45
Severity ?
Summary
Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via unspecified vectors.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:44.995Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/36872/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-18T00:56:00",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/36872/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20630",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN45797538/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/36872/",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/36872/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20630",
    "datePublished": "2021-03-18T00:56:00",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:44.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20626
Vulnerability from cvelistv5
Published
2021-03-18 00:55
Modified
2024-08-03 17:45
Severity ?
Summary
Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:45.280Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/36864/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-18T00:55:57",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/36864/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20626",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN45797538/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/36864/",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/36864/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20626",
    "datePublished": "2021-03-18T00:55:57",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:45.280Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20634
Vulnerability from cvelistv5
Published
2021-03-18 00:56
Modified
2024-08-03 17:45
Severity ?
Summary
Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vectors.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:45.208Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/36865/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-18T00:56:03",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/36865/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20634",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN45797538/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/36865/",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/36865/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20634",
    "datePublished": "2021-03-18T00:56:03",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:45.208Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20624
Vulnerability from cvelistv5
Published
2021-03-18 00:55
Modified
2024-08-03 17:45
Severity ?
Summary
Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:44.737Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/36866/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-18T00:55:56",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/36866/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20624",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.cybozu.support/article/36866/",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/36866/"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN45797538/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20624",
    "datePublished": "2021-03-18T00:55:56",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:44.737Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20633
Vulnerability from cvelistv5
Published
2021-03-18 00:56
Modified
2024-08-03 17:45
Severity ?
Summary
Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:45.214Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/36869/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-18T00:56:02",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/36869/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20633",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN45797538/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/36869/",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/36869/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20633",
    "datePublished": "2021-03-18T00:56:02",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:45.214Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-39817
Vulnerability from cvelistv5
Published
2024-08-06 04:54
Modified
2024-08-08 15:43
Severity ?
Summary
Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App.
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39817",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-08T15:43:38.523183Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-08T15:43:52.567Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting \u0027search\u0027 under certain conditions in Custom App."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insertion of Sensitive Information Into Sent Data",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-06T04:54:50.932Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://jvn.jp/en/jp/JVN29845579/"
        },
        {
          "url": "https://kb.cybozu.support/?product=office\u0026v=\u0026fv=10.8.7\u0026t=%E8%84%86%E5%BC%B1%E6%80%A7\u0026s="
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-39817",
    "datePublished": "2024-08-06T04:54:50.932Z",
    "dateReserved": "2024-07-26T04:55:12.517Z",
    "dateUpdated": "2024-08-08T15:43:52.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-32583
Vulnerability from cvelistv5
Published
2022-08-18 07:14
Modified
2024-08-03 07:46
Severity ?
Summary
Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:46:43.647Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cs.cybozu.co.jp/2022/007584.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Authorization",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-18T07:14:00",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cs.cybozu.co.jp/2022/007584.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-32583",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cs.cybozu.co.jp/2022/007584.html",
              "refsource": "MISC",
              "url": "https://cs.cybozu.co.jp/2022/007584.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN20573662/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-32583",
    "datePublished": "2022-08-18T07:14:00",
    "dateReserved": "2022-06-17T00:00:00",
    "dateUpdated": "2024-08-03T07:46:43.647Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-2115
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity ?
Summary
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.
References
http://jvn.jp/en/jp/JVN17535578/index.htmlthird-party-advisory, x_refsource_JVN
https://support.cybozu.com/ja-jp/article/9737x_refsource_MISC
http://www.securityfocus.com/bid/97717vdb-entry, x_refsource_BID
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:32.370Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#17535578",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN17535578/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/9737"
          },
          {
            "name": "97717",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97717"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.5.0"
            }
          ]
        }
      ],
      "datePublic": "2017-04-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain \"customapp\" information via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Fails to restrict access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-01T09:57:02",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#17535578",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN17535578/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/9737"
        },
        {
          "name": "97717",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97717"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2115",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.5.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain \"customapp\" information via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Fails to restrict access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#17535578",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN17535578/index.html"
            },
            {
              "name": "https://support.cybozu.com/ja-jp/article/9737",
              "refsource": "MISC",
              "url": "https://support.cybozu.com/ja-jp/article/9737"
            },
            {
              "name": "97717",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97717"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2017-2115",
    "datePublished": "2017-04-28T16:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:39:32.370Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20632
Vulnerability from cvelistv5
Published
2021-03-18 00:56
Modified
2024-08-03 17:45
Severity ?
Summary
Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via unspecified vectors.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:45.234Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/36870/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-18T00:56:02",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/36870/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20632",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN45797538/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/36870/",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/36870/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20632",
    "datePublished": "2021-03-18T00:56:02",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:45.234Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-30693
Vulnerability from cvelistv5
Published
2022-08-18 07:12
Modified
2024-08-03 06:56
Severity ?
Summary
Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:13.489Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cs.cybozu.co.jp/2022/007584.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-18T07:12:25",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cs.cybozu.co.jp/2022/007584.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-30693",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Exposure of Sensitive Information to an Unauthorized Actor"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cs.cybozu.co.jp/2022/007584.html",
              "refsource": "MISC",
              "url": "https://cs.cybozu.co.jp/2022/007584.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN20573662/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-30693",
    "datePublished": "2022-08-18T07:12:25",
    "dateReserved": "2022-06-17T00:00:00",
    "dateUpdated": "2024-08-03T06:56:13.489Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-30604
Vulnerability from cvelistv5
Published
2022-08-18 07:12
Modified
2024-08-03 06:56
Severity ?
Summary
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:12.973Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cs.cybozu.co.jp/2022/007584.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-18T07:12:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cs.cybozu.co.jp/2022/007584.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-30604",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cs.cybozu.co.jp/2022/007584.html",
              "refsource": "MISC",
              "url": "https://cs.cybozu.co.jp/2022/007584.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN20573662/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-30604",
    "datePublished": "2022-08-18T07:12:01",
    "dateReserved": "2022-06-17T00:00:00",
    "dateUpdated": "2024-08-03T06:56:12.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0703
Vulnerability from cvelistv5
Published
2019-01-09 22:00
Modified
2024-08-05 03:35
Severity ?
Summary
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests.
References
https://jvn.jp/en/jp/JVN15232217/index.htmlthird-party-advisory, x_refsource_JVN
https://kb.cybozu.support/article/34088/x_refsource_MISC
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:35:48.939Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#15232217",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN15232217/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/34088/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.1"
            }
          ]
        }
      ],
      "datePublic": "2019-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-09T21:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#15232217",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN15232217/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/34088/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0703",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Directory traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#15232217",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN15232217/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/34088/",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/34088/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0703",
    "datePublished": "2019-01-09T22:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-08-05T03:35:48.939Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-32453
Vulnerability from cvelistv5
Published
2022-08-18 07:13
Modified
2024-08-03 07:39
Severity ?
Summary
HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:39:51.192Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cs.cybozu.co.jp/2022/007584.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "HTTP header injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-18T07:13:13",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cs.cybozu.co.jp/2022/007584.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-32453",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "HTTP header injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cs.cybozu.co.jp/2022/007584.html",
              "refsource": "MISC",
              "url": "https://cs.cybozu.co.jp/2022/007584.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN20573662/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-32453",
    "datePublished": "2022-08-18T07:13:13",
    "dateReserved": "2022-06-17T00:00:00",
    "dateUpdated": "2024-08-03T07:39:51.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0567
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
Summary
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors.
References
http://jvn.jp/en/jp/JVN51737843/index.htmlthird-party-advisory, x_refsource_JVN
https://support.cybozu.com/ja-jp/article/10198x_refsource_CONFIRM
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.084Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#51737843",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/10198"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.0"
            }
          ]
        }
      ],
      "datePublic": "2018-06-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Fails to restrict access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-26T13:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#51737843",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/10198"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0567",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Fails to restrict access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#51737843",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
            },
            {
              "name": "https://support.cybozu.com/ja-jp/article/10198",
              "refsource": "CONFIRM",
              "url": "https://support.cybozu.com/ja-jp/article/10198"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0567",
    "datePublished": "2018-06-26T14:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-08-05T03:28:11.084Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-6022
Vulnerability from cvelistv5
Published
2019-12-26 15:16
Modified
2024-08-04 20:16
Severity ?
Summary
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:16:24.078Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/36124"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN79854355/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the \u0027Customapp\u0027 function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-26T15:16:50",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/36124"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://jvn.jp/en/jp/JVN79854355/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2019-6022",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the \u0027Customapp\u0027 function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Directory traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.cybozu.support/article/36124",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/36124"
            },
            {
              "name": "http://jvn.jp/en/jp/JVN79854355/index.html",
              "refsource": "MISC",
              "url": "http://jvn.jp/en/jp/JVN79854355/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2019-6022",
    "datePublished": "2019-12-26T15:16:50",
    "dateReserved": "2019-01-10T00:00:00",
    "dateUpdated": "2024-08-04T20:16:24.078Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-28715
Vulnerability from cvelistv5
Published
2022-08-18 07:10
Modified
2024-08-03 06:03
Severity ?
Summary
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:03:52.057Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cs.cybozu.co.jp/2022/007584.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-18T07:10:47",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cs.cybozu.co.jp/2022/007584.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-28715",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cs.cybozu.co.jp/2022/007584.html",
              "refsource": "MISC",
              "url": "https://cs.cybozu.co.jp/2022/007584.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN20573662/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-28715",
    "datePublished": "2022-08-18T07:10:47",
    "dateReserved": "2022-06-17T00:00:00",
    "dateUpdated": "2024-08-03T06:03:52.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0704
Vulnerability from cvelistv5
Published
2019-01-09 22:00
Modified
2024-08-05 03:35
Severity ?
Summary
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen.
References
https://jvn.jp/en/jp/JVN15232217/index.htmlthird-party-advisory, x_refsource_JVN
https://kb.cybozu.support/article/34091/x_refsource_MISC
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:35:48.963Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#15232217",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN15232217/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/34091/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.1"
            }
          ]
        }
      ],
      "datePublic": "2019-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-09T21:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#15232217",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN15232217/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/34091/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0704",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Directory traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#15232217",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN15232217/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/34091/",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/34091/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0704",
    "datePublished": "2019-01-09T22:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-08-05T03:35:48.963Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20625
Vulnerability from cvelistv5
Published
2021-03-18 00:55
Modified
2024-08-03 17:45
Severity ?
Summary
Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:44.832Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/36874/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-18T00:55:57",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/36874/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20625",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN45797538/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/36874/",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/36874/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20625",
    "datePublished": "2021-03-18T00:55:57",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:44.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10857
Vulnerability from cvelistv5
Published
2017-10-12 14:00
Modified
2024-08-05 17:50
Severity ?
Summary
Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function.
References
https://support.cybozu.com/ja-jp/article/9811x_refsource_CONFIRM
http://jvn.jp/en/jp/JVN14658424/index.htmlthird-party-advisory, x_refsource_JVN
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:50:12.589Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/9811"
          },
          {
            "name": "JVN#14658424",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN14658424/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.6.1"
            }
          ]
        }
      ],
      "datePublic": "2017-10-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via \"Cabinet\" function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Fails to restrict access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-12T13:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/9811"
        },
        {
          "name": "JVN#14658424",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN14658424/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-10857",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via \"Cabinet\" function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Fails to restrict access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.cybozu.com/ja-jp/article/9811",
              "refsource": "CONFIRM",
              "url": "https://support.cybozu.com/ja-jp/article/9811"
            },
            {
              "name": "JVN#14658424",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN14658424/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2017-10857",
    "datePublished": "2017-10-12T14:00:00",
    "dateReserved": "2017-07-04T00:00:00",
    "dateUpdated": "2024-08-05T17:50:12.589Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-32283
Vulnerability from cvelistv5
Published
2022-08-18 07:12
Modified
2024-08-03 07:39
Severity ?
Summary
Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:39:50.529Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cs.cybozu.co.jp/2022/007584.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-18T07:12:44",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cs.cybozu.co.jp/2022/007584.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-32283",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cs.cybozu.co.jp/2022/007584.html",
              "refsource": "MISC",
              "url": "https://cs.cybozu.co.jp/2022/007584.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN20573662/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-32283",
    "datePublished": "2022-08-18T07:12:44",
    "dateReserved": "2022-06-17T00:00:00",
    "dateUpdated": "2024-08-03T07:39:50.529Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20631
Vulnerability from cvelistv5
Published
2021-03-18 00:56
Modified
2024-08-03 17:45
Severity ?
Summary
Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:44.986Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/36871/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Input Validation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-18T00:56:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/36871/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20631",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN45797538/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/36871/",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/36871/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20631",
    "datePublished": "2021-03-18T00:56:01",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:44.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0527
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
https://support.cybozu.com/ja-jp/article/10029x_refsource_CONFIRM
http://jvn.jp/en/jp/JVN51737843/index.htmlthird-party-advisory, x_refsource_JVN
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.177Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/10029"
          },
          {
            "name": "JVN#51737843",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.7.0"
            }
          ]
        }
      ],
      "datePublic": "2018-06-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-26T13:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/10029"
        },
        {
          "name": "JVN#51737843",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0527",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.cybozu.com/ja-jp/article/10029",
              "refsource": "CONFIRM",
              "url": "https://support.cybozu.com/ja-jp/article/10029"
            },
            {
              "name": "JVN#51737843",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0527",
    "datePublished": "2018-06-26T14:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-08-05T03:28:11.177Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-33311
Vulnerability from cvelistv5
Published
2022-08-18 07:14
Modified
2024-08-03 08:01
Severity ?
Summary
Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:01:20.570Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cs.cybozu.co.jp/2022/007584.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-18T07:14:48",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cs.cybozu.co.jp/2022/007584.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-33311",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cs.cybozu.co.jp/2022/007584.html",
              "refsource": "MISC",
              "url": "https://cs.cybozu.co.jp/2022/007584.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN20573662/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-33311",
    "datePublished": "2022-08-18T07:14:48",
    "dateReserved": "2022-06-17T00:00:00",
    "dateUpdated": "2024-08-03T08:01:20.570Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-29487
Vulnerability from cvelistv5
Published
2022-08-18 07:11
Modified
2024-08-03 06:26
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:26:06.307Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cs.cybozu.co.jp/2022/007584.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-18T07:11:14",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cs.cybozu.co.jp/2022/007584.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-29487",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cs.cybozu.co.jp/2022/007584.html",
              "refsource": "MISC",
              "url": "https://cs.cybozu.co.jp/2022/007584.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN20573662/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-29487",
    "datePublished": "2022-08-18T07:11:14",
    "dateReserved": "2022-06-17T00:00:00",
    "dateUpdated": "2024-08-03T06:26:06.307Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-6023
Vulnerability from cvelistv5
Published
2019-12-26 15:16
Modified
2024-08-04 20:16
Severity ?
Summary
Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:16:24.755Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN79854355/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/36130"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application \u0027Address\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Fails to restrict access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-26T15:16:50",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://jvn.jp/en/jp/JVN79854355/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/36130"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2019-6023",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application \u0027Address\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Fails to restrict access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://jvn.jp/en/jp/JVN79854355/index.html",
              "refsource": "MISC",
              "url": "http://jvn.jp/en/jp/JVN79854355/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/36130",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/36130"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2019-6023",
    "datePublished": "2019-12-26T15:16:50",
    "dateReserved": "2019-01-10T00:00:00",
    "dateUpdated": "2024-08-04T20:16:24.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-33151
Vulnerability from cvelistv5
Published
2022-08-18 07:14
Modified
2024-08-03 08:01
Severity ?
Summary
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:01:20.171Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cs.cybozu.co.jp/2022/007584.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-18T07:14:24",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cs.cybozu.co.jp/2022/007584.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-33151",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cs.cybozu.co.jp/2022/007584.html",
              "refsource": "MISC",
              "url": "https://cs.cybozu.co.jp/2022/007584.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN20573662/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-33151",
    "datePublished": "2022-08-18T07:14:25",
    "dateReserved": "2022-06-17T00:00:00",
    "dateUpdated": "2024-08-03T08:01:20.171Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0529
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
Summary
Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.
References
https://support.cybozu.com/ja-jp/article/10052x_refsource_CONFIRM
http://jvn.jp/en/jp/JVN51737843/index.htmlthird-party-advisory, x_refsource_JVN
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.191Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/10052"
          },
          {
            "name": "JVN#51737843",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.7.0"
            }
          ]
        }
      ],
      "datePublic": "2018-06-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial-of-service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-26T13:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/10052"
        },
        {
          "name": "JVN#51737843",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0529",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial-of-service (DoS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.cybozu.com/ja-jp/article/10052",
              "refsource": "CONFIRM",
              "url": "https://support.cybozu.com/ja-jp/article/10052"
            },
            {
              "name": "JVN#51737843",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0529",
    "datePublished": "2018-06-26T14:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-08-05T03:28:11.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-32544
Vulnerability from cvelistv5
Published
2022-08-18 07:13
Modified
2024-08-03 07:46
Severity ?
Summary
Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:46:44.333Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cs.cybozu.co.jp/2022/007584.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Authorization",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-18T07:13:36",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cs.cybozu.co.jp/2022/007584.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-32544",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cs.cybozu.co.jp/2022/007584.html",
              "refsource": "MISC",
              "url": "https://cs.cybozu.co.jp/2022/007584.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN20573662/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN20573662/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-32544",
    "datePublished": "2022-08-18T07:13:37",
    "dateReserved": "2022-06-17T00:00:00",
    "dateUpdated": "2024-08-03T07:46:44.333Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20628
Vulnerability from cvelistv5
Published
2021-03-18 00:55
Modified
2024-08-03 17:45
Severity ?
Summary
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox.
References
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:45.027Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/36868/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-18T00:55:59",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/36868/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20628",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN45797538/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/36868/",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/36868/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20628",
    "datePublished": "2021-03-18T00:55:59",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:45.027Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-2114
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
References
http://jvn.jp/en/jp/JVN17535578/index.htmlthird-party-advisory, x_refsource_JVN
http://www.securityfocus.com/bid/97717vdb-entry, x_refsource_BID
https://support.cybozu.com/ja-jp/article/9738x_refsource_MISC
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:32.252Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#17535578",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN17535578/index.html"
          },
          {
            "name": "97717",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97717"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/9738"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.5.0"
            }
          ]
        }
      ],
      "datePublic": "2017-04-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-01T09:57:02",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#17535578",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN17535578/index.html"
        },
        {
          "name": "97717",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97717"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/9738"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2114",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.5.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#17535578",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN17535578/index.html"
            },
            {
              "name": "97717",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97717"
            },
            {
              "name": "https://support.cybozu.com/ja-jp/article/9738",
              "refsource": "MISC",
              "url": "https://support.cybozu.com/ja-jp/article/9738"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2017-2114",
    "datePublished": "2017-04-28T16:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:39:32.252Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-2116
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity ?
Summary
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors.
References
http://jvn.jp/en/jp/JVN17535578/index.htmlthird-party-advisory, x_refsource_JVN
http://www.securityfocus.com/bid/97717vdb-entry, x_refsource_BID
https://support.cybozu.com/ja-jp/article/9736x_refsource_MISC
Impacted products
Cybozu, Inc.Cybozu Office
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:32.279Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#17535578",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN17535578/index.html"
          },
          {
            "name": "97717",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97717"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/9736"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.5.0"
            }
          ]
        }
      ],
      "datePublic": "2017-04-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete \"customapp\" templates via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Fails to restrict access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-01T09:57:02",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#17535578",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN17535578/index.html"
        },
        {
          "name": "97717",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97717"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/9736"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2116",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.5.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete \"customapp\" templates via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Fails to restrict access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#17535578",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN17535578/index.html"
            },
            {
              "name": "97717",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97717"
            },
            {
              "name": "https://support.cybozu.com/ja-jp/article/9736",
              "refsource": "MISC",
              "url": "https://support.cybozu.com/ja-jp/article/9736"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2017-2116",
    "datePublished": "2017-04-28T16:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:39:32.279Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}