All the vulnerabilites related to Cybozu, Inc. - Remote Service
jvndb-2018-000126
Vulnerability from jvndb
Published
2018-12-10 14:26
Modified
2019-08-27 11:48
Severity ?
Summary
Multiple vulnerabilities in Cybozu Remote Service
Details
Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
* Upload of arbitrary files in logo setting screen (CWE-434) - CVE-2018-16169
* Directory traversal in used device management screen (CWE-22) - CVE-2018-16170
* Directory traversal in client certificates registration function (CWE-22) - CVE-2018-16171
* Improper countermeasure against clickjacking attack in client certificates management screen (CWE-451) - CVE-2018-16172
Cybozu, Inc. reported CVE-2018-16169 vulnerability to JPCERT/CC to notify users of the solution through JVN.
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported CVE-2018-16170 and CVE-2018-16171 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.
Kanta Nishitani reported CVE-2018-16172 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Cybozu, Inc. | Remote Service |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000126.html",
"dc:date": "2019-08-27T11:48+09:00",
"dcterms:issued": "2018-12-10T14:26+09:00",
"dcterms:modified": "2019-08-27T11:48+09:00",
"description": "Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n* Upload of arbitrary files in logo setting screen (CWE-434) - CVE-2018-16169\r\n* Directory traversal in used device management screen (CWE-22) - CVE-2018-16170\r\n* Directory traversal in client certificates registration function (CWE-22) - CVE-2018-16171\r\n* Improper countermeasure against clickjacking attack in client certificates management screen (CWE-451) - CVE-2018-16172\r\n\r\nCybozu, Inc. reported CVE-2018-16169 vulnerability to JPCERT/CC to notify users of the solution through JVN.\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported CVE-2018-16170 and CVE-2018-16171 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\nKanta Nishitani reported CVE-2018-16172 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000126.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:cybozu_remote_service",
"@product": "Remote Service",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000126",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN23161885/index.html",
"@id": "JVN#23161885",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16169",
"@id": "CVE-2018-16169",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16170",
"@id": "CVE-2018-16170",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16171",
"@id": "CVE-2018-16171",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16172",
"@id": "CVE-2018-16172",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16169",
"@id": "CVE-2018-16169",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16170",
"@id": "CVE-2018-16170",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16171",
"@id": "CVE-2018-16171",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16172",
"@id": "CVE-2018-16172",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in Cybozu Remote Service"
}
jvndb-2022-000095
Vulnerability from jvndb
Published
2022-11-25 14:15
Modified
2024-06-03 16:08
Severity ?
Summary
Cybozu Remote Service vulnerable to Uncontrolled Resource Consumption
Details
Cybozu Remote Service provided by Cybozu, Inc. is vulnerable to uncontrolled resource consumption (CWE-400).
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Cybozu, Inc. | Remote Service |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000095.html",
"dc:date": "2024-06-03T16:08+09:00",
"dcterms:issued": "2022-11-25T14:15+09:00",
"dcterms:modified": "2024-06-03T16:08+09:00",
"description": "Cybozu Remote Service provided by Cybozu, Inc. is vulnerable to uncontrolled resource consumption (CWE-400).\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000095.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:cybozu_remote_service",
"@product": "Remote Service",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000095",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN87895771/index.html",
"@id": "JVN#87895771",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-44608",
"@id": "CVE-2022-44608",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-44608",
"@id": "CVE-2022-44608",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Cybozu Remote Service vulnerable to Uncontrolled Resource Consumption"
}
jvndb-2021-000088
Vulnerability from jvndb
Published
2021-09-30 16:03
Modified
2024-04-08 18:09
Severity ?
Summary
Multiple vulnerabilities in Cybozu Remote Service
Details
Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
* [CyVDB-525] Cross-site request forgery vulnerability in the management screen (CWE-352) - CVE-2021-20795
* [CyVDB-1742] Path traversal vulnerability in the management screen (CWE-22) - CVE-2021-20796
* [CyVDB-1806] Cross-site script inclusion vulnerability in the management screen (CWE-829) - CVE-2021-20797
* [CyVDB-1808] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20798
* [CyVDB-1809] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20799
* [CyVDB-1810] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20800
* [CyVDB-1811] XML external entity injection (XXE) vulnerability (CWE-611) - CVE-2021-20801
* [CyVDB-1814] HTTP header injection vulnerability (CWE-113) - CVE-2021-20802
* [CyVDB-1820] Operation restriction bypass in the management screen (CWE-264) - CVE-2021-20803
* [CyVDB-1830] Denial-of-service (DoS) vulnerability (CWE-400) - CVE-2021-20804
* [CyVDB-1862] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20805
* [CyVDB-1968] Open redirect vulnerability (CWE-601) - CVE-2021-20806
* [CyVDB-2028] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20807
* [CyVDB-877] Path traversal vulnerability in Importing Mobile Device Data (CWE-22) - CVE-2022-26838
CVE-2021-20795
Masaaki Chida reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solution through JVN.
CVE-2021-20796, CVE-2021-20807
Toshitsugu Yoneyama(Mitsui Bussan Secure Directions, Inc.) reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.
CVE-2021-20805
Yuji Tounai reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solution through JVN.
CVE-2021-20806
Kanta Nishitani of Ierae Security Inc. reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solution through JVN.
CVE-2021-20797, CVE-2021-20798, CVE-2021-20799, CVE-2021-20800, CVE-2021-20801, CVE-2021-20802, CVE-2021-20803, CVE-2021-20804, CVE-2022-26838
Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Cybozu, Inc. | Remote Service |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000088.html",
"dc:date": "2024-04-08T18:09+09:00",
"dcterms:issued": "2021-09-30T16:03+09:00",
"dcterms:modified": "2024-04-08T18:09+09:00",
"description": "Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. \r\n\r\n* [CyVDB-525] Cross-site request forgery vulnerability in the management screen (CWE-352) - CVE-2021-20795\r\n* [CyVDB-1742] Path traversal vulnerability in the management screen (CWE-22) - CVE-2021-20796\r\n* [CyVDB-1806] Cross-site script inclusion vulnerability in the management screen (CWE-829) - CVE-2021-20797\r\n* [CyVDB-1808] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20798\r\n* [CyVDB-1809] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20799\r\n* [CyVDB-1810] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20800\r\n* [CyVDB-1811] XML external entity injection (XXE) vulnerability (CWE-611) - CVE-2021-20801\r\n* [CyVDB-1814] HTTP header injection vulnerability (CWE-113) - CVE-2021-20802\r\n* [CyVDB-1820] Operation restriction bypass in the management screen (CWE-264) - CVE-2021-20803\r\n* [CyVDB-1830] Denial-of-service (DoS) vulnerability (CWE-400) - CVE-2021-20804\r\n* [CyVDB-1862] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20805\r\n* [CyVDB-1968] Open redirect vulnerability (CWE-601) - CVE-2021-20806\r\n* [CyVDB-2028] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20807\r\n* [CyVDB-877] Path traversal vulnerability in Importing Mobile Device Data (CWE-22) - CVE-2022-26838\r\n\r\nCVE-2021-20795\r\n Masaaki Chida reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solution through JVN.\r\n\r\n CVE-2021-20796, CVE-2021-20807\r\n Toshitsugu Yoneyama(Mitsui Bussan Secure Directions, Inc.) reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\n CVE-2021-20805\r\n Yuji Tounai reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solution through JVN.\r\n\r\n CVE-2021-20806\r\n Kanta Nishitani of Ierae Security Inc. reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solution through JVN.\r\n\r\n CVE-2021-20797, CVE-2021-20798, CVE-2021-20799, CVE-2021-20800, CVE-2021-20801, CVE-2021-20802, CVE-2021-20803, CVE-2021-20804, CVE-2022-26838\r\n Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000088.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:cybozu_remote_service",
"@product": "Remote Service",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000088",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN52694228/index.html",
"@id": "JVN#52694228",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20795",
"@id": "CVE-2021-20795",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20796",
"@id": "CVE-2021-20796",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20797",
"@id": "CVE-2021-20797",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20798",
"@id": "CVE-2021-20798",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20799",
"@id": "CVE-2021-20799",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20800",
"@id": "CVE-2021-20800",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20801",
"@id": "CVE-2021-20801",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20802",
"@id": "CVE-2021-20802",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20803",
"@id": "CVE-2021-20803",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20804",
"@id": "CVE-2021-20804",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20805",
"@id": "CVE-2021-20805",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20806",
"@id": "CVE-2021-20806",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20807",
"@id": "CVE-2021-20807",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26838",
"@id": "CVE-2022-26838",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20795",
"@id": "CVE-2021-20795",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20796",
"@id": "CVE-2021-20796",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20797",
"@id": "CVE-2021-20797",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20798",
"@id": "CVE-2021-20798",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20799",
"@id": "CVE-2021-20799",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20800",
"@id": "CVE-2021-20800",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20801",
"@id": "CVE-2021-20801",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20802",
"@id": "CVE-2021-20802",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20803",
"@id": "CVE-2021-20803",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20804",
"@id": "CVE-2021-20804",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20805",
"@id": "CVE-2021-20805",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20806",
"@id": "CVE-2021-20806",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20807",
"@id": "CVE-2021-20807",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-26838",
"@id": "CVE-2022-26838",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/400.html",
"@id": "CWE-400",
"@title": "Uncontrolled Resource Consumption (\u0027Resource Exhaustion\u0027)(CWE-400)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in Cybozu Remote Service"
}
jvndb-2023-000109
Vulnerability from jvndb
Published
2023-10-31 13:43
Modified
2024-05-07 15:51
Severity ?
Summary
Cybozu Remote Service vulnerable to uncontrolled resource consumption
Details
Cybozu Remote Service provided by Cybozu, Inc. is vulnerable to uncontrolled resource consumption (CWE-400).
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Cybozu, Inc. | Remote Service |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000109.html",
"dc:date": "2024-05-07T15:51+09:00",
"dcterms:issued": "2023-10-31T13:43+09:00",
"dcterms:modified": "2024-05-07T15:51+09:00",
"description": "Cybozu Remote Service provided by Cybozu, Inc. is vulnerable to uncontrolled resource consumption (CWE-400).\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000109.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:cybozu_remote_service",
"@product": "Remote Service",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000109",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN94132951/index.html",
"@id": "JVN#94132951",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-46278",
"@id": "CVE-2023-46278",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-46278",
"@id": "CVE-2023-46278",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Cybozu Remote Service vulnerable to uncontrolled resource consumption"
}