Vulnerabilites related to cybozu - office
cve-2021-20633
Vulnerability from cvelistv5
Published
2021-03-18 00:56
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jvn.jp/en/jp/JVN45797538/index.html | x_refsource_MISC | |
| https://kb.cybozu.support/article/36869/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:45:45.214Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.cybozu.support/article/36869/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.4", }, ], }, ], descriptions: [ { lang: "en", value: "Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Access Control", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-18T00:56:02", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { tags: [ "x_refsource_MISC", ], url: "https://kb.cybozu.support/article/36869/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20633", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.4", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Access Control", }, ], }, ], }, references: { reference_data: [ { name: "https://jvn.jp/en/jp/JVN45797538/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { name: "https://kb.cybozu.support/article/36869/", refsource: "MISC", url: "https://kb.cybozu.support/article/36869/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20633", datePublished: "2021-03-18T00:56:02", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:45:45.214Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-8487
Vulnerability from cvelistv5
Published
2016-02-17 02:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvn.jp/en/jp/JVN47296923/index.html | third-party-advisory, x_refsource_JVN | |
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000022 | third-party-advisory, x_refsource_JVNDB | |
| https://cs.cybozu.co.jp/2015/006071.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:20:42.428Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVN#47296923", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN47296923/index.html", }, { name: "JVNDB-2016-000022", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000022", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2015/006071.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-15T00:00:00", descriptions: [ { lang: "en", value: "Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-02-17T01:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVN#47296923", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN47296923/index.html", }, { name: "JVNDB-2016-000022", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000022", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2015/006071.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2015-8487", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "JVN#47296923", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN47296923/index.html", }, { name: "JVNDB-2016-000022", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000022", }, { name: "https://cs.cybozu.co.jp/2015/006071.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2015/006071.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2015-8487", datePublished: "2016-02-17T02:00:00", dateReserved: "2015-12-07T00:00:00", dateUpdated: "2024-08-06T08:20:42.428Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20631
Vulnerability from cvelistv5
Published
2021-03-18 00:56
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jvn.jp/en/jp/JVN45797538/index.html | x_refsource_MISC | |
| https://kb.cybozu.support/article/36871/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:45:44.986Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.cybozu.support/article/36871/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.4", }, ], }, ], descriptions: [ { lang: "en", value: "Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Input Validation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-18T00:56:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { tags: [ "x_refsource_MISC", ], url: "https://kb.cybozu.support/article/36871/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20631", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.4", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Input Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://jvn.jp/en/jp/JVN45797538/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { name: "https://kb.cybozu.support/article/36871/", refsource: "MISC", url: "https://kb.cybozu.support/article/36871/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20631", datePublished: "2021-03-18T00:56:01", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:45:44.986Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0565
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvn.jp/en/jp/JVN51737843/index.html | third-party-advisory, x_refsource_JVN | |
| https://support.cybozu.com/ja-jp/article/10200 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:28:11.189Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVN#51737843", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.cybozu.com/ja-jp/article/10200", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.0", }, ], }, ], datePublic: "2018-06-26T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-site scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-26T13:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVN#51737843", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.cybozu.com/ja-jp/article/10200", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2018-0565", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.0", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-site scripting", }, ], }, ], }, references: { reference_data: [ { name: "JVN#51737843", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, { name: "https://support.cybozu.com/ja-jp/article/10200", refsource: "CONFIRM", url: "https://support.cybozu.com/ja-jp/article/10200", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2018-0565", datePublished: "2018-06-26T14:00:00", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-08-05T03:28:11.189Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-7798
Vulnerability from cvelistv5
Published
2016-02-17 02:00
Modified
2024-08-06 07:58
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149, and CVE-2016-1150.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 | third-party-advisory, x_refsource_JVNDB | |
| https://cs.cybozu.co.jp/2015/006072.html | x_refsource_CONFIRM | |
| https://cs.cybozu.co.jp/2015/006087.html | x_refsource_CONFIRM | |
| https://cs.cybozu.co.jp/2016/006107.html | x_refsource_CONFIRM | |
| http://jvn.jp/en/jp/JVN69278491/index.html | third-party-advisory, x_refsource_JVN | |
| https://cs.cybozu.co.jp/2016/006109.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:58:59.914Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVNDB-2016-000026", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { name: "JVN#69278491", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-15T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149, and CVE-2016-1150.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-02-17T01:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVNDB-2016-000026", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { name: "JVN#69278491", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2015-7798", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149, and CVE-2016-1150.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "JVNDB-2016-000026", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { name: "https://cs.cybozu.co.jp/2015/006072.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2015/006072.html", }, { name: "https://cs.cybozu.co.jp/2015/006087.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2015/006087.html", }, { name: "https://cs.cybozu.co.jp/2016/006107.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2016/006107.html", }, { name: "JVN#69278491", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { name: "https://cs.cybozu.co.jp/2016/006109.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2015-7798", datePublished: "2016-02-17T02:00:00", dateReserved: "2015-10-09T00:00:00", dateUpdated: "2024-08-06T07:58:59.914Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-8489
Vulnerability from cvelistv5
Published
2016-02-17 02:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000020 | third-party-advisory, x_refsource_JVNDB | |
| http://jvn.jp/en/jp/JVN20246313/index.html | third-party-advisory, x_refsource_JVN | |
| https://cs.cybozu.co.jp/2015/006073.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:20:42.463Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVNDB-2016-000020", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000020", }, { name: "JVN#20246313", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN20246313/index.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2015/006073.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-15T00:00:00", descriptions: [ { lang: "en", value: "customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-02-17T01:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVNDB-2016-000020", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000020", }, { name: "JVN#20246313", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN20246313/index.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2015/006073.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2015-8489", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "JVNDB-2016-000020", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000020", }, { name: "JVN#20246313", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN20246313/index.html", }, { name: "https://cs.cybozu.co.jp/2015/006073.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2015/006073.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2015-8489", datePublished: "2016-02-17T02:00:00", dateReserved: "2015-12-07T00:00:00", dateUpdated: "2024-08-06T08:20:42.463Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-1149
Vulnerability from cvelistv5
Published
2016-02-17 02:00
Modified
2024-08-05 22:48
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 | third-party-advisory, x_refsource_JVNDB | |
| https://cs.cybozu.co.jp/2015/006072.html | x_refsource_CONFIRM | |
| https://cs.cybozu.co.jp/2015/006087.html | x_refsource_CONFIRM | |
| https://cs.cybozu.co.jp/2016/006107.html | x_refsource_CONFIRM | |
| http://jvn.jp/en/jp/JVN69278491/index.html | third-party-advisory, x_refsource_JVN | |
| https://cs.cybozu.co.jp/2016/006109.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:48:12.977Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVNDB-2016-000026", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { name: "JVN#69278491", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-15T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-02-17T01:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVNDB-2016-000026", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { name: "JVN#69278491", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2016-1149", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "JVNDB-2016-000026", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { name: "https://cs.cybozu.co.jp/2015/006072.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2015/006072.html", }, { name: "https://cs.cybozu.co.jp/2015/006087.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2015/006087.html", }, { name: "https://cs.cybozu.co.jp/2016/006107.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2016/006107.html", }, { name: "JVN#69278491", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { name: "https://cs.cybozu.co.jp/2016/006109.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2016-1149", datePublished: "2016-02-17T02:00:00", dateReserved: "2015-12-26T00:00:00", dateUpdated: "2024-08-05T22:48:12.977Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-7795
Vulnerability from cvelistv5
Published
2016-02-17 02:00
Modified
2024-08-06 07:58
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 | third-party-advisory, x_refsource_JVNDB | |
| https://cs.cybozu.co.jp/2015/006072.html | x_refsource_CONFIRM | |
| https://cs.cybozu.co.jp/2015/006087.html | x_refsource_CONFIRM | |
| https://cs.cybozu.co.jp/2016/006107.html | x_refsource_CONFIRM | |
| http://jvn.jp/en/jp/JVN69278491/index.html | third-party-advisory, x_refsource_JVN | |
| https://cs.cybozu.co.jp/2016/006109.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:58:59.980Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVNDB-2016-000026", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { name: "JVN#69278491", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-15T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-02-17T01:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVNDB-2016-000026", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { name: "JVN#69278491", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2015-7795", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "JVNDB-2016-000026", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { name: "https://cs.cybozu.co.jp/2015/006072.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2015/006072.html", }, { name: "https://cs.cybozu.co.jp/2015/006087.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2015/006087.html", }, { name: "https://cs.cybozu.co.jp/2016/006107.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2016/006107.html", }, { name: "JVN#69278491", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { name: "https://cs.cybozu.co.jp/2016/006109.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2015-7795", datePublished: "2016-02-17T02:00:00", dateReserved: "2015-10-09T00:00:00", dateUpdated: "2024-08-06T07:58:59.980Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4873
Vulnerability from cvelistv5
Published
2017-04-17 15:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.cybozu.com/ja-jp/article/9442 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/93461 | vdb-entry, x_refsource_BID | |
| http://jvn.jp/en/jp/JVN07148816/index.html | third-party-advisory, x_refsource_JVN | |
| http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000189.html | third-party-advisory, x_refsource_JVNDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:46:38.532Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.cybozu.com/ja-jp/article/9442", }, { name: "93461", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/93461", }, { name: "JVN#07148816", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN07148816/index.html", }, { name: "JVNDB-2016-000189", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000189.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-10-03T00:00:00", descriptions: [ { lang: "en", value: "Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-22T15:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.cybozu.com/ja-jp/article/9442", }, { name: "93461", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/93461", }, { name: "JVN#07148816", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN07148816/index.html", }, { name: "JVNDB-2016-000189", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000189.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2016-4873", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://support.cybozu.com/ja-jp/article/9442", refsource: "CONFIRM", url: "https://support.cybozu.com/ja-jp/article/9442", }, { name: "93461", refsource: "BID", url: "http://www.securityfocus.com/bid/93461", }, { name: "JVN#07148816", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN07148816/index.html", }, { name: "JVNDB-2016-000189", refsource: "JVNDB", url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000189.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2016-4873", datePublished: "2017-04-17T15:00:00", dateReserved: "2016-05-17T00:00:00", dateUpdated: "2024-08-06T00:46:38.532Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20629
Vulnerability from cvelistv5
Published
2021-03-18 00:56
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jvn.jp/en/jp/JVN45797538/index.html | x_refsource_MISC | |
| https://kb.cybozu.support/article/36867/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:45:45.027Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.cybozu.support/article/36867/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.4", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-site scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-18T00:55:59", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { tags: [ "x_refsource_MISC", ], url: "https://kb.cybozu.support/article/36867/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20629", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.4", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-site scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://jvn.jp/en/jp/JVN45797538/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { name: "https://kb.cybozu.support/article/36867/", refsource: "MISC", url: "https://kb.cybozu.support/article/36867/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20629", datePublished: "2021-03-18T00:56:00", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:45:45.027Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28715
Vulnerability from cvelistv5
Published
2022-08-18 07:10
Modified
2024-08-03 06:03
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:03:52.057Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.5", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-site scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-18T07:10:47", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2022-28715", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.5", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-site scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2022/007584.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2022/007584.html", }, { name: "https://jvn.jp/en/jp/JVN20573662/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2022-28715", datePublished: "2022-08-18T07:10:47", dateReserved: "2022-06-17T00:00:00", dateUpdated: "2024-08-03T06:03:52.057Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20625
Vulnerability from cvelistv5
Published
2021-03-18 00:55
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jvn.jp/en/jp/JVN45797538/index.html | x_refsource_MISC | |
| https://kb.cybozu.support/article/36874/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:45:44.832Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.cybozu.support/article/36874/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.4", }, ], }, ], descriptions: [ { lang: "en", value: "Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Access Control", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-18T00:55:57", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { tags: [ "x_refsource_MISC", ], url: "https://kb.cybozu.support/article/36874/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20625", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.4", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Access Control", }, ], }, ], }, references: { reference_data: [ { name: "https://jvn.jp/en/jp/JVN45797538/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { name: "https://kb.cybozu.support/article/36874/", refsource: "MISC", url: "https://kb.cybozu.support/article/36874/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20625", datePublished: "2021-03-18T00:55:57", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:45:44.832Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-7796
Vulnerability from cvelistv5
Published
2016-02-17 02:00
Modified
2024-08-06 07:59
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 | third-party-advisory, x_refsource_JVNDB | |
| https://cs.cybozu.co.jp/2015/006072.html | x_refsource_CONFIRM | |
| https://cs.cybozu.co.jp/2015/006087.html | x_refsource_CONFIRM | |
| https://cs.cybozu.co.jp/2016/006107.html | x_refsource_CONFIRM | |
| http://jvn.jp/en/jp/JVN69278491/index.html | third-party-advisory, x_refsource_JVN | |
| https://cs.cybozu.co.jp/2016/006109.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:59:00.384Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVNDB-2016-000026", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { name: "JVN#69278491", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-15T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-02-17T01:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVNDB-2016-000026", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { name: "JVN#69278491", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2015-7796", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "JVNDB-2016-000026", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { name: "https://cs.cybozu.co.jp/2015/006072.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2015/006072.html", }, { name: "https://cs.cybozu.co.jp/2015/006087.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2015/006087.html", }, { name: "https://cs.cybozu.co.jp/2016/006107.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2016/006107.html", }, { name: "JVN#69278491", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { name: "https://cs.cybozu.co.jp/2016/006109.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2015-7796", datePublished: "2016-02-17T02:00:00", dateReserved: "2015-10-09T00:00:00", dateUpdated: "2024-08-06T07:59:00.384Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4868
Vulnerability from cvelistv5
Published
2017-04-17 15:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.cybozu.com/ja-jp/article/9433 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/97713 | vdb-entry, x_refsource_BID | |
| http://jvn.jp/en/jp/JVN08736331/index.html | third-party-advisory, x_refsource_JVN | |
| http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html | third-party-advisory, x_refsource_JVNDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:46:38.547Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.cybozu.com/ja-jp/article/9433", }, { name: "97713", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/97713", }, { name: "JVN#08736331", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN08736331/index.html", }, { name: "JVNDB-2016-000190", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-10-03T00:00:00", descriptions: [ { lang: "en", value: "Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-22T15:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.cybozu.com/ja-jp/article/9433", }, { name: "97713", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/97713", }, { name: "JVN#08736331", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN08736331/index.html", }, { name: "JVNDB-2016-000190", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2016-4868", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://support.cybozu.com/ja-jp/article/9433", refsource: "CONFIRM", url: "https://support.cybozu.com/ja-jp/article/9433", }, { name: "97713", refsource: "BID", url: "http://www.securityfocus.com/bid/97713", }, { name: "JVN#08736331", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN08736331/index.html", }, { name: "JVNDB-2016-000190", refsource: "JVNDB", url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2016-4868", datePublished: "2017-04-17T15:00:00", dateReserved: "2016-05-17T00:00:00", dateUpdated: "2024-08-06T00:46:38.547Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-1333
Vulnerability from cvelistv5
Published
2011-06-29 17:00
Modified
2024-09-17 00:40
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the bulletin board system."
References
| ▼ | URL | Tags |
|---|---|---|
| http://cybozu.co.jp/products/dl/notice/detail/0019.html | x_refsource_CONFIRM | |
| http://secunia.com/advisories/45063 | third-party-advisory, x_refsource_SECUNIA | |
| http://jvndb.jvn.jp/jvndb/JVNDB-2011-000045 | third-party-advisory, x_refsource_JVNDB | |
| http://www.securityfocus.com/bid/48446 | vdb-entry, x_refsource_BID | |
| http://jvn.jp/en/jp/JVN80877328/index.html | third-party-advisory, x_refsource_JVN | |
| http://www.osvdb.org/73327 | vdb-entry, x_refsource_OSVDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T22:21:34.241Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://cybozu.co.jp/products/dl/notice/detail/0019.html", }, { name: "45063", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/45063", }, { name: "JVNDB-2011-000045", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000045", }, { name: "48446", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/48446", }, { name: "JVN#80877328", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN80877328/index.html", }, { name: "73327", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/73327", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"downloading graphic files from the bulletin board system.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2011-06-29T17:00:00Z", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://cybozu.co.jp/products/dl/notice/detail/0019.html", }, { name: "45063", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/45063", }, { name: "JVNDB-2011-000045", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000045", }, { name: "48446", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/48446", }, { name: "JVN#80877328", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN80877328/index.html", }, { name: "73327", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/73327", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2011-1333", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"downloading graphic files from the bulletin board system.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://cybozu.co.jp/products/dl/notice/detail/0019.html", refsource: "CONFIRM", url: "http://cybozu.co.jp/products/dl/notice/detail/0019.html", }, { name: "45063", refsource: "SECUNIA", url: "http://secunia.com/advisories/45063", }, { name: "JVNDB-2011-000045", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000045", }, { name: "48446", refsource: "BID", url: "http://www.securityfocus.com/bid/48446", }, { name: "JVN#80877328", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN80877328/index.html", }, { name: "73327", refsource: "OSVDB", url: "http://www.osvdb.org/73327", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2011-1333", datePublished: "2011-06-29T17:00:00Z", dateReserved: "2011-03-09T00:00:00Z", dateUpdated: "2024-09-17T00:40:53.563Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0704
Vulnerability from cvelistv5
Published
2019-01-09 22:00
Modified
2024-08-05 03:35
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jvn.jp/en/jp/JVN15232217/index.html | third-party-advisory, x_refsource_JVN | |
| https://kb.cybozu.support/article/34091/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:35:48.963Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVN#15232217", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN15232217/index.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.cybozu.support/article/34091/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.1", }, ], }, ], datePublic: "2019-01-09T00:00:00", descriptions: [ { lang: "en", value: "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen.", }, ], problemTypes: [ { descriptions: [ { description: "Directory traversal", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-01-09T21:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVN#15232217", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "https://jvn.jp/en/jp/JVN15232217/index.html", }, { tags: [ "x_refsource_MISC", ], url: "https://kb.cybozu.support/article/34091/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2018-0704", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.1", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Directory traversal", }, ], }, ], }, references: { reference_data: [ { name: "JVN#15232217", refsource: "JVN", url: "https://jvn.jp/en/jp/JVN15232217/index.html", }, { name: "https://kb.cybozu.support/article/34091/", refsource: "MISC", url: "https://kb.cybozu.support/article/34091/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2018-0704", datePublished: "2019-01-09T22:00:00", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-08-05T03:35:48.963Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0527
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.cybozu.com/ja-jp/article/10029 | x_refsource_CONFIRM | |
| http://jvn.jp/en/jp/JVN51737843/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.7.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:28:11.177Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.cybozu.com/ja-jp/article/10029", }, { name: "JVN#51737843", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.7.0", }, ], }, ], datePublic: "2018-06-26T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-site scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-26T13:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.cybozu.com/ja-jp/article/10029", }, { name: "JVN#51737843", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2018-0527", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.7.0", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-site scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://support.cybozu.com/ja-jp/article/10029", refsource: "CONFIRM", url: "https://support.cybozu.com/ja-jp/article/10029", }, { name: "JVN#51737843", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2018-0527", datePublished: "2018-06-26T14:00:00", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-08-05T03:28:11.177Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20626
Vulnerability from cvelistv5
Published
2021-03-18 00:55
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jvn.jp/en/jp/JVN45797538/index.html | x_refsource_MISC | |
| https://kb.cybozu.support/article/36864/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:45:45.280Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.cybozu.support/article/36864/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.4", }, ], }, ], descriptions: [ { lang: "en", value: "Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Access Control", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-18T00:55:57", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { tags: [ "x_refsource_MISC", ], url: "https://kb.cybozu.support/article/36864/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20626", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.4", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Access Control", }, ], }, ], }, references: { reference_data: [ { name: "https://jvn.jp/en/jp/JVN45797538/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { name: "https://kb.cybozu.support/article/36864/", refsource: "MISC", url: "https://kb.cybozu.support/article/36864/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20626", datePublished: "2021-03-18T00:55:57", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:45:45.280Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-2677
Vulnerability from cvelistv5
Published
2011-10-21 18:00
Modified
2024-08-06 23:08
Severity ?
EPSS score ?
Summary
Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to manipulation of a URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/76124 | vdb-entry, x_refsource_OSVDB | |
| http://cs.cybozu.co.jp/information/20111005notice01.php | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/70411 | vdb-entry, x_refsource_XF | |
| http://jvn.jp/en/jp/JVN84838479/index.html | third-party-advisory, x_refsource_JVN | |
| http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000079.html | third-party-advisory, x_refsource_JVNDB | |
| http://www.securityfocus.com/bid/50015 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/46321 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T23:08:23.777Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "76124", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/76124", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://cs.cybozu.co.jp/information/20111005notice01.php", }, { name: "cybozuoffice-unspecified-security-bypass(70411)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/70411", }, { name: "JVN#84838479", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN84838479/index.html", }, { name: "JVNDB-2011-000079", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000079.html", }, { name: "50015", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/50015", }, { name: "46321", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/46321", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-10-05T00:00:00", descriptions: [ { lang: "en", value: "Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to manipulation of a URL.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "76124", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/76124", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://cs.cybozu.co.jp/information/20111005notice01.php", }, { name: "cybozuoffice-unspecified-security-bypass(70411)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/70411", }, { name: "JVN#84838479", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN84838479/index.html", }, { name: "JVNDB-2011-000079", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000079.html", }, { name: "50015", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/50015", }, { name: "46321", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/46321", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2011-2677", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to manipulation of a URL.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "76124", refsource: "OSVDB", url: "http://osvdb.org/76124", }, { name: "http://cs.cybozu.co.jp/information/20111005notice01.php", refsource: "CONFIRM", url: "http://cs.cybozu.co.jp/information/20111005notice01.php", }, { name: "cybozuoffice-unspecified-security-bypass(70411)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/70411", }, { name: "JVN#84838479", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN84838479/index.html", }, { name: "JVNDB-2011-000079", refsource: "JVNDB", url: "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000079.html", }, { name: "50015", refsource: "BID", url: "http://www.securityfocus.com/bid/50015", }, { name: "46321", refsource: "SECUNIA", url: "http://secunia.com/advisories/46321", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2011-2677", datePublished: "2011-10-21T18:00:00", dateReserved: "2011-07-07T00:00:00", dateUpdated: "2024-08-06T23:08:23.777Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29891
Vulnerability from cvelistv5
Published
2022-08-18 07:11
Modified
2024-08-03 06:33
Severity ?
EPSS score ?
Summary
Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:33:43.067Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.5", }, ], }, ], descriptions: [ { lang: "en", value: "Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Access Control", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-18T07:11:37", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2022-29891", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.5", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Access Control", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2022/007584.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2022/007584.html", }, { name: "https://jvn.jp/en/jp/JVN20573662/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2022-29891", datePublished: "2022-08-18T07:11:37", dateReserved: "2022-06-17T00:00:00", dateUpdated: "2024-08-03T06:33:43.067Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4872
Vulnerability from cvelistv5
Published
2017-04-17 15:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.cybozu.com/ja-jp/article/9424 | x_refsource_CONFIRM | |
| http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000188.html | third-party-advisory, x_refsource_JVNDB | |
| http://www.securityfocus.com/bid/93461 | vdb-entry, x_refsource_BID | |
| http://jvn.jp/en/jp/JVN07148816/index.html | third-party-advisory, x_refsource_JVN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:46:38.546Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.cybozu.com/ja-jp/article/9424", }, { name: "JVNDB-2016-000188", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000188.html", }, { name: "93461", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/93461", }, { name: "JVN#07148816", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN07148816/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-10-03T00:00:00", descriptions: [ { lang: "en", value: "Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-22T15:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.cybozu.com/ja-jp/article/9424", }, { name: "JVNDB-2016-000188", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000188.html", }, { name: "93461", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/93461", }, { name: "JVN#07148816", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN07148816/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2016-4872", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://support.cybozu.com/ja-jp/article/9424", refsource: "CONFIRM", url: "https://support.cybozu.com/ja-jp/article/9424", }, { name: "JVNDB-2016-000188", refsource: "JVNDB", url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000188.html", }, { name: "93461", refsource: "BID", url: "http://www.securityfocus.com/bid/93461", }, { name: "JVN#07148816", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN07148816/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2016-4872", datePublished: "2017-04-17T15:00:00", dateReserved: "2016-05-17T00:00:00", dateUpdated: "2024-08-06T00:46:38.546Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4703
Vulnerability from cvelistv5
Published
2013-09-10 10:00
Modified
2024-09-17 01:35
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the top-page customization feature in Cybozu Office before 9.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://cs.cybozu.co.jp/information/20130909up11.php | x_refsource_CONFIRM | |
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000082 | third-party-advisory, x_refsource_JVNDB | |
| http://jvn.jp/en/jp/JVN53014207/index.html | third-party-advisory, x_refsource_JVN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:52:27.056Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://cs.cybozu.co.jp/information/20130909up11.php", }, { name: "JVNDB-2013-000082", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000082", }, { name: "JVN#53014207", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN53014207/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the top-page customization feature in Cybozu Office before 9.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-09-10T10:00:00Z", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://cs.cybozu.co.jp/information/20130909up11.php", }, { name: "JVNDB-2013-000082", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000082", }, { name: "JVN#53014207", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN53014207/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2013-4703", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in the top-page customization feature in Cybozu Office before 9.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://cs.cybozu.co.jp/information/20130909up11.php", refsource: "CONFIRM", url: "http://cs.cybozu.co.jp/information/20130909up11.php", }, { name: "JVNDB-2013-000082", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000082", }, { name: "JVN#53014207", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN53014207/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2013-4703", datePublished: "2013-09-10T10:00:00Z", dateReserved: "2013-06-26T00:00:00Z", dateUpdated: "2024-09-17T01:35:46.083Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0567
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
EPSS score ?
Summary
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvn.jp/en/jp/JVN51737843/index.html | third-party-advisory, x_refsource_JVN | |
| https://support.cybozu.com/ja-jp/article/10198 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:28:11.084Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVN#51737843", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.cybozu.com/ja-jp/article/10198", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.0", }, ], }, ], datePublic: "2018-06-26T00:00:00", descriptions: [ { lang: "en", value: "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Fails to restrict access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-26T13:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVN#51737843", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.cybozu.com/ja-jp/article/10198", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2018-0567", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.0", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Fails to restrict access", }, ], }, ], }, references: { reference_data: [ { name: "JVN#51737843", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, { name: "https://support.cybozu.com/ja-jp/article/10198", refsource: "CONFIRM", url: "https://support.cybozu.com/ja-jp/article/10198", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2018-0567", datePublished: "2018-06-26T14:00:00", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-08-05T03:28:11.084Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-2114
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvn.jp/en/jp/JVN17535578/index.html | third-party-advisory, x_refsource_JVN | |
| http://www.securityfocus.com/bid/97717 | vdb-entry, x_refsource_BID | |
| https://support.cybozu.com/ja-jp/article/9738 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.5.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:39:32.252Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVN#17535578", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN17535578/index.html", }, { name: "97717", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/97717", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.cybozu.com/ja-jp/article/9738", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.5.0", }, ], }, ], datePublic: "2017-04-28T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-site scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-01T09:57:02", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVN#17535578", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN17535578/index.html", }, { name: "97717", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/97717", }, { tags: [ "x_refsource_MISC", ], url: "https://support.cybozu.com/ja-jp/article/9738", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2017-2114", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.5.0", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-site scripting", }, ], }, ], }, references: { reference_data: [ { name: "JVN#17535578", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN17535578/index.html", }, { name: "97717", refsource: "BID", url: "http://www.securityfocus.com/bid/97717", }, { name: "https://support.cybozu.com/ja-jp/article/9738", refsource: "MISC", url: "https://support.cybozu.com/ja-jp/article/9738", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2017-2114", datePublished: "2017-04-28T16:00:00", dateReserved: "2016-12-01T00:00:00", dateUpdated: "2024-08-05T13:39:32.252Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4865
Vulnerability from cvelistv5
Published
2017-04-17 15:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.cybozu.com/ja-jp/article/9430 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/93281 | vdb-entry, x_refsource_BID | |
| http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html | third-party-advisory, x_refsource_JVNDB | |
| http://jvn.jp/en/jp/JVN06726266/index.html | third-party-advisory, x_refsource_JVN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:46:38.546Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.cybozu.com/ja-jp/article/9430", }, { name: "93281", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/93281", }, { name: "JVNDB-2016-000184", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html", }, { name: "JVN#06726266", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN06726266/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-10-03T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-22T15:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.cybozu.com/ja-jp/article/9430", }, { name: "93281", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/93281", }, { name: "JVNDB-2016-000184", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html", }, { name: "JVN#06726266", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN06726266/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2016-4865", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://support.cybozu.com/ja-jp/article/9430", refsource: "CONFIRM", url: "https://support.cybozu.com/ja-jp/article/9430", }, { name: "93281", refsource: "BID", url: "http://www.securityfocus.com/bid/93281", }, { name: "JVNDB-2016-000184", refsource: "JVNDB", url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html", }, { name: "JVN#06726266", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN06726266/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2016-4865", datePublished: "2017-04-17T15:00:00", dateReserved: "2016-05-17T00:00:00", dateUpdated: "2024-08-06T00:46:38.546Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0529
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
EPSS score ?
Summary
Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.cybozu.com/ja-jp/article/10052 | x_refsource_CONFIRM | |
| http://jvn.jp/en/jp/JVN51737843/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.7.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:28:11.191Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.cybozu.com/ja-jp/article/10052", }, { name: "JVN#51737843", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.7.0", }, ], }, ], datePublic: "2018-06-26T00:00:00", descriptions: [ { lang: "en", value: "Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Denial-of-service (DoS)", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-26T13:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.cybozu.com/ja-jp/article/10052", }, { name: "JVN#51737843", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2018-0529", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.7.0", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial-of-service (DoS)", }, ], }, ], }, references: { reference_data: [ { name: "https://support.cybozu.com/ja-jp/article/10052", refsource: "CONFIRM", url: "https://support.cybozu.com/ja-jp/article/10052", }, { name: "JVN#51737843", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2018-0529", datePublished: "2018-06-26T14:00:00", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-08-05T03:28:11.191Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4874
Vulnerability from cvelistv5
Published
2017-04-17 15:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000193.html | third-party-advisory, x_refsource_JVNDB | |
| https://support.cybozu.com/ja-jp/article/9434 | x_refsource_CONFIRM | |
| http://jvn.jp/en/jp/JVN11288252/index.html | third-party-advisory, x_refsource_JVN | |
| http://www.securityfocus.com/bid/97719 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:46:38.544Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVNDB-2016-000193", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000193.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.cybozu.com/ja-jp/article/9434", }, { name: "JVN#11288252", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN11288252/index.html", }, { name: "97719", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/97719", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-10-03T00:00:00", descriptions: [ { lang: "en", value: "Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a \"reflected file download\" attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-04-19T09:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVNDB-2016-000193", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000193.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.cybozu.com/ja-jp/article/9434", }, { name: "JVN#11288252", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN11288252/index.html", }, { name: "97719", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/97719", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2016-4874", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a \"reflected file download\" attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "JVNDB-2016-000193", refsource: "JVNDB", url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000193.html", }, { name: "https://support.cybozu.com/ja-jp/article/9434", refsource: "CONFIRM", url: "https://support.cybozu.com/ja-jp/article/9434", }, { name: "JVN#11288252", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN11288252/index.html", }, { name: "97719", refsource: "BID", url: "http://www.securityfocus.com/bid/97719", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2016-4874", datePublished: "2017-04-17T15:00:00", dateReserved: "2016-05-17T00:00:00", dateUpdated: "2024-08-06T00:46:38.544Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-1334
Vulnerability from cvelistv5
Published
2011-06-29 17:00
Modified
2024-09-17 01:16
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the mail system."
References
| ▼ | URL | Tags |
|---|---|---|
| http://cybozu.co.jp/products/dl/notice/detail/0019.html | x_refsource_CONFIRM | |
| http://www.osvdb.org/73317 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/48446 | vdb-entry, x_refsource_BID | |
| http://jvn.jp/en/jp/JVN54074460/index.html | third-party-advisory, x_refsource_JVN | |
| http://secunia.com/advisories/45043 | third-party-advisory, x_refsource_SECUNIA | |
| http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046 | third-party-advisory, x_refsource_JVNDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T22:21:34.065Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://cybozu.co.jp/products/dl/notice/detail/0019.html", }, { name: "73317", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/73317", }, { name: "48446", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/48446", }, { name: "JVN#54074460", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN54074460/index.html", }, { name: "45043", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/45043", }, { name: "JVNDB-2011-000046", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"downloading graphic files from the mail system.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2011-06-29T17:00:00Z", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://cybozu.co.jp/products/dl/notice/detail/0019.html", }, { name: "73317", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/73317", }, { name: "48446", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/48446", }, { name: "JVN#54074460", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN54074460/index.html", }, { name: "45043", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/45043", }, { name: "JVNDB-2011-000046", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2011-1334", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"downloading graphic files from the mail system.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://cybozu.co.jp/products/dl/notice/detail/0019.html", refsource: "CONFIRM", url: "http://cybozu.co.jp/products/dl/notice/detail/0019.html", }, { name: "73317", refsource: "OSVDB", url: "http://www.osvdb.org/73317", }, { name: "48446", refsource: "BID", url: "http://www.securityfocus.com/bid/48446", }, { name: "JVN#54074460", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN54074460/index.html", }, { name: "45043", refsource: "SECUNIA", url: "http://secunia.com/advisories/45043", }, { name: "JVNDB-2011-000046", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2011-1334", datePublished: "2011-06-29T17:00:00Z", dateReserved: "2011-03-09T00:00:00Z", dateUpdated: "2024-09-17T01:16:50.241Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-32453
Vulnerability from cvelistv5
Published
2022-08-18 07:13
Modified
2024-08-03 07:39
Severity ?
EPSS score ?
Summary
HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:39:51.192Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.5", }, ], }, ], descriptions: [ { lang: "en", value: "HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "HTTP header injection", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-18T07:13:13", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2022-32453", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.5", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "HTTP header injection", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2022/007584.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2022/007584.html", }, { name: "https://jvn.jp/en/jp/JVN20573662/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2022-32453", datePublished: "2022-08-18T07:13:13", dateReserved: "2022-06-17T00:00:00", dateUpdated: "2024-08-03T07:39:51.192Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-7797
Vulnerability from cvelistv5
Published
2016-02-17 02:00
Modified
2024-08-06 07:58
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 | third-party-advisory, x_refsource_JVNDB | |
| https://cs.cybozu.co.jp/2015/006072.html | x_refsource_CONFIRM | |
| https://cs.cybozu.co.jp/2015/006087.html | x_refsource_CONFIRM | |
| https://cs.cybozu.co.jp/2016/006107.html | x_refsource_CONFIRM | |
| http://jvn.jp/en/jp/JVN69278491/index.html | third-party-advisory, x_refsource_JVN | |
| https://cs.cybozu.co.jp/2016/006109.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:58:59.893Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVNDB-2016-000026", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { name: "JVN#69278491", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-15T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-02-17T01:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVNDB-2016-000026", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { name: "JVN#69278491", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2015-7797", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "JVNDB-2016-000026", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { name: "https://cs.cybozu.co.jp/2015/006072.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2015/006072.html", }, { name: "https://cs.cybozu.co.jp/2015/006087.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2015/006087.html", }, { name: "https://cs.cybozu.co.jp/2016/006107.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2016/006107.html", }, { name: "JVN#69278491", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { name: "https://cs.cybozu.co.jp/2016/006109.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2015-7797", datePublished: "2016-02-17T02:00:00", dateReserved: "2015-10-09T00:00:00", dateUpdated: "2024-08-06T07:58:59.893Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-32583
Vulnerability from cvelistv5
Published
2022-08-18 07:14
Modified
2024-08-03 07:46
Severity ?
EPSS score ?
Summary
Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:46:43.647Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.5", }, ], }, ], descriptions: [ { lang: "en", value: "Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Authorization", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-18T07:14:00", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2022-32583", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.5", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Authorization", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2022/007584.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2022/007584.html", }, { name: "https://jvn.jp/en/jp/JVN20573662/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2022-32583", datePublished: "2022-08-18T07:14:00", dateReserved: "2022-06-17T00:00:00", dateUpdated: "2024-08-03T07:46:43.647Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-2115
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity ?
EPSS score ?
Summary
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvn.jp/en/jp/JVN17535578/index.html | third-party-advisory, x_refsource_JVN | |
| https://support.cybozu.com/ja-jp/article/9737 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/97717 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.5.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:39:32.370Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVN#17535578", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN17535578/index.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.cybozu.com/ja-jp/article/9737", }, { name: "97717", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/97717", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.5.0", }, ], }, ], datePublic: "2017-04-28T00:00:00", descriptions: [ { lang: "en", value: "Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain \"customapp\" information via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Fails to restrict access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-01T09:57:02", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVN#17535578", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN17535578/index.html", }, { tags: [ "x_refsource_MISC", ], url: "https://support.cybozu.com/ja-jp/article/9737", }, { name: "97717", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/97717", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2017-2115", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.5.0", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain \"customapp\" information via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Fails to restrict access", }, ], }, ], }, references: { reference_data: [ { name: "JVN#17535578", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN17535578/index.html", }, { name: "https://support.cybozu.com/ja-jp/article/9737", refsource: "MISC", url: "https://support.cybozu.com/ja-jp/article/9737", }, { name: "97717", refsource: "BID", url: "http://www.securityfocus.com/bid/97717", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2017-2115", datePublished: "2017-04-28T16:00:00", dateReserved: "2016-12-01T00:00:00", dateUpdated: "2024-08-05T13:39:32.370Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4870
Vulnerability from cvelistv5
Published
2017-04-17 15:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/93281 | vdb-entry, x_refsource_BID | |
| https://support.cybozu.com/ja-jp/article/9427 | x_refsource_CONFIRM | |
| http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000186.html | third-party-advisory, x_refsource_JVNDB | |
| http://jvn.jp/en/jp/JVN06726266/index.html | third-party-advisory, x_refsource_JVN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:46:39.227Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "93281", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/93281", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.cybozu.com/ja-jp/article/9427", }, { name: "JVNDB-2016-000186", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000186.html", }, { name: "JVN#06726266", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN06726266/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-10-03T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-22T15:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "93281", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/93281", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.cybozu.com/ja-jp/article/9427", }, { name: "JVNDB-2016-000186", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000186.html", }, { name: "JVN#06726266", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN06726266/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2016-4870", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "93281", refsource: "BID", url: "http://www.securityfocus.com/bid/93281", }, { name: "https://support.cybozu.com/ja-jp/article/9427", refsource: "CONFIRM", url: "https://support.cybozu.com/ja-jp/article/9427", }, { name: "JVNDB-2016-000186", refsource: "JVNDB", url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000186.html", }, { name: "JVN#06726266", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN06726266/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2016-4870", datePublished: "2017-04-17T15:00:00", dateReserved: "2016-05-17T00:00:00", dateUpdated: "2024-08-06T00:46:39.227Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4867
Vulnerability from cvelistv5
Published
2017-04-17 15:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000187.html | third-party-advisory, x_refsource_JVNDB | |
| http://www.securityfocus.com/bid/93461 | vdb-entry, x_refsource_BID | |
| http://jvn.jp/en/jp/JVN07148816/index.html | third-party-advisory, x_refsource_JVN | |
| https://support.cybozu.com/ja-jp/article/9429 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:46:38.555Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVNDB-2016-000187", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000187.html", }, { name: "93461", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/93461", }, { name: "JVN#07148816", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN07148816/index.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.cybozu.com/ja-jp/article/9429", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-10-03T00:00:00", descriptions: [ { lang: "en", value: "Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-22T15:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVNDB-2016-000187", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000187.html", }, { name: "93461", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/93461", }, { name: "JVN#07148816", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN07148816/index.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.cybozu.com/ja-jp/article/9429", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2016-4867", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "JVNDB-2016-000187", refsource: "JVNDB", url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000187.html", }, { name: "93461", refsource: "BID", url: "http://www.securityfocus.com/bid/93461", }, { name: "JVN#07148816", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN07148816/index.html", }, { name: "https://support.cybozu.com/ja-jp/article/9429", refsource: "CONFIRM", url: "https://support.cybozu.com/ja-jp/article/9429", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2016-4867", datePublished: "2017-04-17T15:00:00", dateReserved: "2016-05-17T00:00:00", dateUpdated: "2024-08-06T00:46:38.555Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-1150
Vulnerability from cvelistv5
Published
2016-02-17 02:00
Modified
2024-08-05 22:48
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 | third-party-advisory, x_refsource_JVNDB | |
| https://cs.cybozu.co.jp/2015/006072.html | x_refsource_CONFIRM | |
| https://cs.cybozu.co.jp/2015/006087.html | x_refsource_CONFIRM | |
| https://cs.cybozu.co.jp/2016/006107.html | x_refsource_CONFIRM | |
| http://jvn.jp/en/jp/JVN69278491/index.html | third-party-advisory, x_refsource_JVN | |
| https://cs.cybozu.co.jp/2016/006109.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:48:13.005Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVNDB-2016-000026", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { name: "JVN#69278491", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-15T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-02-17T01:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVNDB-2016-000026", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { name: "JVN#69278491", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2016-1150", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "JVNDB-2016-000026", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { name: "https://cs.cybozu.co.jp/2015/006072.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2015/006072.html", }, { name: "https://cs.cybozu.co.jp/2015/006087.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2015/006087.html", }, { name: "https://cs.cybozu.co.jp/2016/006107.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2016/006107.html", }, { name: "JVN#69278491", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { name: "https://cs.cybozu.co.jp/2016/006109.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2016-1150", datePublished: "2016-02-17T02:00:00", dateReserved: "2015-12-26T00:00:00", dateUpdated: "2024-08-05T22:48:13.005Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-30604
Vulnerability from cvelistv5
Published
2022-08-18 07:12
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:56:12.973Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.5", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-site scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-18T07:12:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2022-30604", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.5", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-site scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2022/007584.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2022/007584.html", }, { name: "https://jvn.jp/en/jp/JVN20573662/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2022-30604", datePublished: "2022-08-18T07:12:01", dateReserved: "2022-06-17T00:00:00", dateUpdated: "2024-08-03T06:56:12.973Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0703
Vulnerability from cvelistv5
Published
2019-01-09 22:00
Modified
2024-08-05 03:35
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jvn.jp/en/jp/JVN15232217/index.html | third-party-advisory, x_refsource_JVN | |
| https://kb.cybozu.support/article/34088/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:35:48.939Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVN#15232217", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN15232217/index.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.cybozu.support/article/34088/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.1", }, ], }, ], datePublic: "2019-01-09T00:00:00", descriptions: [ { lang: "en", value: "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests.", }, ], problemTypes: [ { descriptions: [ { description: "Directory traversal", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-01-09T21:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVN#15232217", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "https://jvn.jp/en/jp/JVN15232217/index.html", }, { tags: [ "x_refsource_MISC", ], url: "https://kb.cybozu.support/article/34088/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2018-0703", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.1", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Directory traversal", }, ], }, ], }, references: { reference_data: [ { name: "JVN#15232217", refsource: "JVN", url: "https://jvn.jp/en/jp/JVN15232217/index.html", }, { name: "https://kb.cybozu.support/article/34088/", refsource: "MISC", url: "https://kb.cybozu.support/article/34088/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2018-0703", datePublished: "2019-01-09T22:00:00", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-08-05T03:35:48.939Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-8484
Vulnerability from cvelistv5
Published
2016-02-17 02:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2016/006110.html | x_refsource_CONFIRM | |
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023 | third-party-advisory, x_refsource_JVNDB | |
| http://jvn.jp/en/jp/JVN48720230/index.html | third-party-advisory, x_refsource_JVN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:20:41.753Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2016/006110.html", }, { name: "JVNDB-2016-000023", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023", }, { name: "JVN#48720230", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN48720230/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-01-18T00:00:00", descriptions: [ { lang: "en", value: "Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-02-17T01:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2016/006110.html", }, { name: "JVNDB-2016-000023", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023", }, { name: "JVN#48720230", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN48720230/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2015-8484", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2016/006110.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2016/006110.html", }, { name: "JVNDB-2016-000023", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023", }, { name: "JVN#48720230", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN48720230/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2015-8484", datePublished: "2016-02-17T02:00:00", dateReserved: "2015-12-07T00:00:00", dateUpdated: "2024-08-06T08:20:41.753Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20628
Vulnerability from cvelistv5
Published
2021-03-18 00:55
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jvn.jp/en/jp/JVN45797538/index.html | x_refsource_MISC | |
| https://kb.cybozu.support/article/36868/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:45:45.027Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.cybozu.support/article/36868/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.4", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-site scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-18T00:55:59", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { tags: [ "x_refsource_MISC", ], url: "https://kb.cybozu.support/article/36868/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20628", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.4", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-site scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://jvn.jp/en/jp/JVN45797538/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { name: "https://kb.cybozu.support/article/36868/", refsource: "MISC", url: "https://kb.cybozu.support/article/36868/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20628", datePublished: "2021-03-18T00:55:59", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:45:45.027Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39817
Vulnerability from cvelistv5
Published
2024-08-06 04:54
Modified
2025-03-18 20:49
Severity ?
EPSS score ?
Summary
Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.6 |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-39817", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-08T15:43:38.523183Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T20:49:27.740Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.6", }, ], }, ], descriptions: [ { lang: "en", value: "Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App.", }, ], problemTypes: [ { descriptions: [ { description: "Insertion of Sensitive Information Into Sent Data", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-06T04:54:50.932Z", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { url: "https://jvn.jp/en/jp/JVN29845579/", }, { url: "https://kb.cybozu.support/?product=office&v=&fv=10.8.7&t=%E8%84%86%E5%BC%B1%E6%80%A7&s=", }, ], }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2024-39817", datePublished: "2024-08-06T04:54:50.932Z", dateReserved: "2024-07-26T04:55:12.517Z", dateUpdated: "2025-03-18T20:49:27.740Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20634
Vulnerability from cvelistv5
Published
2021-03-18 00:56
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jvn.jp/en/jp/JVN45797538/index.html | x_refsource_MISC | |
| https://kb.cybozu.support/article/36865/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:45:45.208Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.cybozu.support/article/36865/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.4", }, ], }, ], descriptions: [ { lang: "en", value: "Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Access Control", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-18T00:56:03", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { tags: [ "x_refsource_MISC", ], url: "https://kb.cybozu.support/article/36865/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20634", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.4", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Access Control", }, ], }, ], }, references: { reference_data: [ { name: "https://jvn.jp/en/jp/JVN45797538/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { name: "https://kb.cybozu.support/article/36865/", refsource: "MISC", url: "https://kb.cybozu.support/article/36865/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20634", datePublished: "2021-03-18T00:56:03", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:45:45.208Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4866
Vulnerability from cvelistv5
Published
2017-04-17 15:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000185.html | third-party-advisory, x_refsource_JVNDB | |
| http://www.securityfocus.com/bid/93281 | vdb-entry, x_refsource_BID | |
| https://support.cybozu.com/ja-jp/article/9431 | x_refsource_CONFIRM | |
| http://jvn.jp/en/jp/JVN06726266/index.html | third-party-advisory, x_refsource_JVN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:46:38.521Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVNDB-2016-000185", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000185.html", }, { name: "93281", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/93281", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.cybozu.com/ja-jp/article/9431", }, { name: "JVN#06726266", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN06726266/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-10-03T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-22T15:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVNDB-2016-000185", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000185.html", }, { name: "93281", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/93281", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.cybozu.com/ja-jp/article/9431", }, { name: "JVN#06726266", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN06726266/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2016-4866", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "JVNDB-2016-000185", refsource: "JVNDB", url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000185.html", }, { name: "93281", refsource: "BID", url: "http://www.securityfocus.com/bid/93281", }, { name: "https://support.cybozu.com/ja-jp/article/9431", refsource: "CONFIRM", url: "https://support.cybozu.com/ja-jp/article/9431", }, { name: "JVN#06726266", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN06726266/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2016-4866", datePublished: "2017-04-17T15:00:00", dateReserved: "2016-05-17T00:00:00", dateUpdated: "2024-08-06T00:46:38.521Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4871
Vulnerability from cvelistv5
Published
2017-04-17 15:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/97716 | vdb-entry, x_refsource_BID | |
| https://support.cybozu.com/ja-jp/article/9426 | x_refsource_CONFIRM | |
| http://jvn.jp/en/jp/JVN10092452/index.html | third-party-advisory, x_refsource_JVN | |
| http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000192.html | third-party-advisory, x_refsource_JVNDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:46:39.435Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "97716", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/97716", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.cybozu.com/ja-jp/article/9426", }, { name: "JVN#10092452", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN10092452/index.html", }, { name: "JVNDB-2016-000192", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000192.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-10-03T00:00:00", descriptions: [ { lang: "en", value: "Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-04-19T09:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "97716", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/97716", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.cybozu.com/ja-jp/article/9426", }, { name: "JVN#10092452", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN10092452/index.html", }, { name: "JVNDB-2016-000192", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000192.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2016-4871", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "97716", refsource: "BID", url: "http://www.securityfocus.com/bid/97716", }, { name: "https://support.cybozu.com/ja-jp/article/9426", refsource: "CONFIRM", url: "https://support.cybozu.com/ja-jp/article/9426", }, { name: "JVN#10092452", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN10092452/index.html", }, { name: "JVNDB-2016-000192", refsource: "JVNDB", url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000192.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2016-4871", datePublished: "2017-04-17T15:00:00", dateReserved: "2016-05-17T00:00:00", dateUpdated: "2024-08-06T00:46:39.435Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-33151
Vulnerability from cvelistv5
Published
2022-08-18 07:14
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T08:01:20.171Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.5", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-site scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-18T07:14:24", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2022-33151", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.5", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-site scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2022/007584.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2022/007584.html", }, { name: "https://jvn.jp/en/jp/JVN20573662/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2022-33151", datePublished: "2022-08-18T07:14:25", dateReserved: "2022-06-17T00:00:00", dateUpdated: "2024-08-03T08:01:20.171Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-25986
Vulnerability from cvelistv5
Published
2022-08-18 07:10
Modified
2024-08-03 04:56
Severity ?
EPSS score ?
Summary
Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:56:36.890Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.5", }, ], }, ], descriptions: [ { lang: "en", value: "Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Access Control", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-18T07:10:27", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2022-25986", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.5", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Access Control", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2022/007584.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2022/007584.html", }, { name: "https://jvn.jp/en/jp/JVN20573662/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2022-25986", datePublished: "2022-08-18T07:10:27", dateReserved: "2022-06-17T00:00:00", dateUpdated: "2024-08-03T04:56:36.890Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-5314
Vulnerability from cvelistv5
Published
2014-11-24 02:00
Modified
2024-08-06 11:41
Severity ?
EPSS score ?
Summary
Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/62248 | third-party-advisory, x_refsource_SECUNIA | |
| http://jvn.jp/en/jp/JVN14691234/index.html | third-party-advisory, x_refsource_JVN | |
| http://jvndb.jvn.jp/jvndb/JVNDB-2014-000130 | third-party-advisory, x_refsource_JVNDB | |
| https://cs.cybozu.co.jp/2014/1110-2.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T11:41:48.287Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "62248", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62248", }, { name: "JVN#14691234", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN14691234/index.html", }, { name: "JVNDB-2014-000130", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000130", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2014/1110-2.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-11-11T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-12-12T19:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "62248", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62248", }, { name: "JVN#14691234", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN14691234/index.html", }, { name: "JVNDB-2014-000130", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000130", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2014/1110-2.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2014-5314", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "62248", refsource: "SECUNIA", url: "http://secunia.com/advisories/62248", }, { name: "JVN#14691234", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN14691234/index.html", }, { name: "JVNDB-2014-000130", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000130", }, { name: "https://cs.cybozu.co.jp/2014/1110-2.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2014/1110-2.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2014-5314", datePublished: "2014-11-24T02:00:00", dateReserved: "2014-08-18T00:00:00", dateUpdated: "2024-08-06T11:41:48.287Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-1335
Vulnerability from cvelistv5
Published
2011-06-29 17:00
Modified
2024-09-16 17:17
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "address book and user list functions."
References
| ▼ | URL | Tags |
|---|---|---|
| http://cs.cybozu.co.jp/information/20100816notice05.php | x_refsource_CONFIRM | |
| http://secunia.com/advisories/44992 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/45050 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/73320 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/48446 | vdb-entry, x_refsource_BID | |
| http://jvndb.jvn.jp/jvndb/JVNDB-2011-000047 | third-party-advisory, x_refsource_JVNDB | |
| http://jvn.jp/en/jp/JVN55508059/index.html | third-party-advisory, x_refsource_JVN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T22:21:34.224Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://cs.cybozu.co.jp/information/20100816notice05.php", }, { name: "44992", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/44992", }, { name: "45050", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/45050", }, { name: "73320", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/73320", }, { name: "48446", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/48446", }, { name: "JVNDB-2011-000047", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000047", }, { name: "JVN#55508059", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN55508059/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the \"address book and user list functions.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2011-06-29T17:00:00Z", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://cs.cybozu.co.jp/information/20100816notice05.php", }, { name: "44992", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/44992", }, { name: "45050", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/45050", }, { name: "73320", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/73320", }, { name: "48446", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/48446", }, { name: "JVNDB-2011-000047", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000047", }, { name: "JVN#55508059", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN55508059/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2011-1335", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the \"address book and user list functions.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://cs.cybozu.co.jp/information/20100816notice05.php", refsource: "CONFIRM", url: "http://cs.cybozu.co.jp/information/20100816notice05.php", }, { name: "44992", refsource: "SECUNIA", url: "http://secunia.com/advisories/44992", }, { name: "45050", refsource: "SECUNIA", url: "http://secunia.com/advisories/45050", }, { name: "73320", refsource: "OSVDB", url: "http://www.osvdb.org/73320", }, { name: "48446", refsource: "BID", url: "http://www.securityfocus.com/bid/48446", }, { name: "JVNDB-2011-000047", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000047", }, { name: "JVN#55508059", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN55508059/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2011-1335", datePublished: "2011-06-29T17:00:00Z", dateReserved: "2011-03-09T00:00:00Z", dateUpdated: "2024-09-16T17:17:46.778Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29487
Vulnerability from cvelistv5
Published
2022-08-18 07:11
Modified
2024-08-03 06:26
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:26:06.307Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.5", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-site scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-18T07:11:14", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2022-29487", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.5", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-site scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2022/007584.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2022/007584.html", }, { name: "https://jvn.jp/en/jp/JVN20573662/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2022-29487", datePublished: "2022-08-18T07:11:14", dateReserved: "2022-06-17T00:00:00", dateUpdated: "2024-08-03T06:26:06.307Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20632
Vulnerability from cvelistv5
Published
2021-03-18 00:56
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jvn.jp/en/jp/JVN45797538/index.html | x_refsource_MISC | |
| https://kb.cybozu.support/article/36870/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:45:45.234Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.cybozu.support/article/36870/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.4", }, ], }, ], descriptions: [ { lang: "en", value: "Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Access Control", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-18T00:56:02", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { tags: [ "x_refsource_MISC", ], url: "https://kb.cybozu.support/article/36870/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20632", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.4", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Access Control", }, ], }, ], }, references: { reference_data: [ { name: "https://jvn.jp/en/jp/JVN45797538/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { name: "https://kb.cybozu.support/article/36870/", refsource: "MISC", url: "https://kb.cybozu.support/article/36870/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20632", datePublished: "2021-03-18T00:56:02", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:45:45.234Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-1152
Vulnerability from cvelistv5
Published
2016-02-17 02:00
Modified
2024-08-05 22:48
Severity ?
EPSS score ?
Summary
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023 | third-party-advisory, x_refsource_JVNDB | |
| http://jvn.jp/en/jp/JVN48720230/index.html | third-party-advisory, x_refsource_JVN | |
| https://cs.cybozu.co.jp/2015/006076.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:48:13.336Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVNDB-2016-000023", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023", }, { name: "JVN#48720230", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN48720230/index.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2015/006076.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-01-18T00:00:00", descriptions: [ { lang: "en", value: "Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-02-17T01:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVNDB-2016-000023", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023", }, { name: "JVN#48720230", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN48720230/index.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2015/006076.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2016-1152", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "JVNDB-2016-000023", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023", }, { name: "JVN#48720230", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN48720230/index.html", }, { name: "https://cs.cybozu.co.jp/2015/006076.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2015/006076.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2016-1152", datePublished: "2016-02-17T02:00:00", dateReserved: "2015-12-26T00:00:00", dateUpdated: "2024-08-05T22:48:13.336Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20627
Vulnerability from cvelistv5
Published
2021-03-18 00:55
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jvn.jp/en/jp/JVN45797538/index.html | x_refsource_MISC | |
| https://kb.cybozu.support/article/36873/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:45:45.334Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.cybozu.support/article/36873/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.4", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-site scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-18T00:55:58", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { tags: [ "x_refsource_MISC", ], url: "https://kb.cybozu.support/article/36873/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20627", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.4", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-site scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://jvn.jp/en/jp/JVN45797538/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { name: "https://kb.cybozu.support/article/36873/", refsource: "MISC", url: "https://kb.cybozu.support/article/36873/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20627", datePublished: "2021-03-18T00:55:58", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:45:45.334Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0528
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
EPSS score ?
Summary
Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.cybozu.com/ja-jp/article/9812 | x_refsource_CONFIRM | |
| http://jvn.jp/en/jp/JVN51737843/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.7.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:28:11.059Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.cybozu.com/ja-jp/article/9812", }, { name: "JVN#51737843", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.7.0", }, ], }, ], datePublic: "2018-06-26T00:00:00", descriptions: [ { lang: "en", value: "Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Authentication bypass", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-26T13:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.cybozu.com/ja-jp/article/9812", }, { name: "JVN#51737843", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2018-0528", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.7.0", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Authentication bypass", }, ], }, ], }, references: { reference_data: [ { name: "https://support.cybozu.com/ja-jp/article/9812", refsource: "CONFIRM", url: "https://support.cybozu.com/ja-jp/article/9812", }, { name: "JVN#51737843", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2018-0528", datePublished: "2018-06-26T14:00:00", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-08-05T03:28:11.059Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-2116
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity ?
EPSS score ?
Summary
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvn.jp/en/jp/JVN17535578/index.html | third-party-advisory, x_refsource_JVN | |
| http://www.securityfocus.com/bid/97717 | vdb-entry, x_refsource_BID | |
| https://support.cybozu.com/ja-jp/article/9736 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.5.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:39:32.279Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVN#17535578", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN17535578/index.html", }, { name: "97717", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/97717", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.cybozu.com/ja-jp/article/9736", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.5.0", }, ], }, ], datePublic: "2017-04-28T00:00:00", descriptions: [ { lang: "en", value: "Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete \"customapp\" templates via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Fails to restrict access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-01T09:57:02", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVN#17535578", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN17535578/index.html", }, { name: "97717", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/97717", }, { tags: [ "x_refsource_MISC", ], url: "https://support.cybozu.com/ja-jp/article/9736", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2017-2116", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.5.0", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete \"customapp\" templates via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Fails to restrict access", }, ], }, ], }, references: { reference_data: [ { name: "JVN#17535578", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN17535578/index.html", }, { name: "97717", refsource: "BID", url: "http://www.securityfocus.com/bid/97717", }, { name: "https://support.cybozu.com/ja-jp/article/9736", refsource: "MISC", url: "https://support.cybozu.com/ja-jp/article/9736", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2017-2116", datePublished: "2017-04-28T16:00:00", dateReserved: "2016-12-01T00:00:00", dateUpdated: "2024-08-05T13:39:32.279Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20624
Vulnerability from cvelistv5
Published
2021-03-18 00:55
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.cybozu.support/article/36866/ | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN45797538/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:45:44.737Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.cybozu.support/article/36866/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.4", }, ], }, ], descriptions: [ { lang: "en", value: "Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Access Control", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-18T00:55:56", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.cybozu.support/article/36866/", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20624", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.4", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Access Control", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.cybozu.support/article/36866/", refsource: "MISC", url: "https://kb.cybozu.support/article/36866/", }, { name: "https://jvn.jp/en/jp/JVN45797538/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20624", datePublished: "2021-03-18T00:55:56", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:45:44.737Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-1151
Vulnerability from cvelistv5
Published
2016-02-17 02:00
Modified
2024-08-05 22:48
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000024 | third-party-advisory, x_refsource_JVNDB | |
| https://cs.cybozu.co.jp/2016/006111.html | x_refsource_CONFIRM | |
| http://jvn.jp/en/jp/JVN64209269/index.html | third-party-advisory, x_refsource_JVN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:48:13.498Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVNDB-2016-000024", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000024", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2016/006111.html", }, { name: "JVN#64209269", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN64209269/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-15T00:00:00", descriptions: [ { lang: "en", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-02-17T01:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVNDB-2016-000024", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000024", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2016/006111.html", }, { name: "JVN#64209269", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN64209269/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2016-1151", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "JVNDB-2016-000024", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000024", }, { name: "https://cs.cybozu.co.jp/2016/006111.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2016/006111.html", }, { name: "JVN#64209269", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN64209269/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2016-1151", datePublished: "2016-02-17T02:00:00", dateReserved: "2015-12-26T00:00:00", dateUpdated: "2024-08-05T22:48:13.498Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-1153
Vulnerability from cvelistv5
Published
2016-02-17 02:00
Modified
2024-08-05 22:48
Severity ?
EPSS score ?
Summary
customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a different vulnerability than CVE-2015-8489.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000020 | third-party-advisory, x_refsource_JVNDB | |
| http://jvn.jp/en/jp/JVN20246313/index.html | third-party-advisory, x_refsource_JVN | |
| https://cs.cybozu.co.jp/2016/006108.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:48:13.372Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVNDB-2016-000020", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000020", }, { name: "JVN#20246313", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN20246313/index.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2016/006108.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-15T00:00:00", descriptions: [ { lang: "en", value: "customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a different vulnerability than CVE-2015-8489.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-02-17T01:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVNDB-2016-000020", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000020", }, { name: "JVN#20246313", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN20246313/index.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2016/006108.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2016-1153", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a different vulnerability than CVE-2015-8489.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "JVNDB-2016-000020", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000020", }, { name: "JVN#20246313", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN20246313/index.html", }, { name: "https://cs.cybozu.co.jp/2016/006108.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2016/006108.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2016-1153", datePublished: "2016-02-17T02:00:00", dateReserved: "2015-12-26T00:00:00", dateUpdated: "2024-08-05T22:48:13.372Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-8488
Vulnerability from cvelistv5
Published
2016-02-17 02:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2015/006075.html | x_refsource_CONFIRM | |
| http://jvn.jp/en/jp/JVN28042424/index.html | third-party-advisory, x_refsource_JVN | |
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000021 | third-party-advisory, x_refsource_JVNDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:20:42.444Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2015/006075.html", }, { name: "JVN#28042424", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN28042424/index.html", }, { name: "JVNDB-2016-000021", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-15T00:00:00", descriptions: [ { lang: "en", value: "Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-02-17T01:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2015/006075.html", }, { name: "JVN#28042424", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN28042424/index.html", }, { name: "JVNDB-2016-000021", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2015-8488", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2015/006075.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2015/006075.html", }, { name: "JVN#28042424", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN28042424/index.html", }, { name: "JVNDB-2016-000021", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2015-8488", datePublished: "2016-02-17T02:00:00", dateReserved: "2015-12-07T00:00:00", dateUpdated: "2024-08-06T08:20:42.444Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-30693
Vulnerability from cvelistv5
Published
2022-08-18 07:12
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:56:13.489Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.5", }, ], }, ], descriptions: [ { lang: "en", value: "Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-18T07:12:25", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2022-30693", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.5", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Exposure of Sensitive Information to an Unauthorized Actor", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2022/007584.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2022/007584.html", }, { name: "https://jvn.jp/en/jp/JVN20573662/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2022-30693", datePublished: "2022-08-18T07:12:25", dateReserved: "2022-06-17T00:00:00", dateUpdated: "2024-08-03T06:56:13.489Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-32544
Vulnerability from cvelistv5
Published
2022-08-18 07:13
Modified
2024-08-03 07:46
Severity ?
EPSS score ?
Summary
Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:46:44.333Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.5", }, ], }, ], descriptions: [ { lang: "en", value: "Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Authorization", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-18T07:13:36", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2022-32544", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.5", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Authorization", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2022/007584.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2022/007584.html", }, { name: "https://jvn.jp/en/jp/JVN20573662/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2022-32544", datePublished: "2022-08-18T07:13:37", dateReserved: "2022-06-17T00:00:00", dateUpdated: "2024-08-03T07:46:44.333Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-6023
Vulnerability from cvelistv5
Published
2019-12-26 15:16
Modified
2024-08-04 20:16
Severity ?
EPSS score ?
Summary
Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvn.jp/en/jp/JVN79854355/index.html | x_refsource_MISC | |
| https://kb.cybozu.support/article/36130 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:16:24.755Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN79854355/index.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.cybozu.support/article/36130", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.3", }, ], }, ], descriptions: [ { lang: "en", value: "Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'.", }, ], problemTypes: [ { descriptions: [ { description: "Fails to restrict access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-26T15:16:50", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://jvn.jp/en/jp/JVN79854355/index.html", }, { tags: [ "x_refsource_MISC", ], url: "https://kb.cybozu.support/article/36130", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2019-6023", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.3", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Fails to restrict access", }, ], }, ], }, references: { reference_data: [ { name: "http://jvn.jp/en/jp/JVN79854355/index.html", refsource: "MISC", url: "http://jvn.jp/en/jp/JVN79854355/index.html", }, { name: "https://kb.cybozu.support/article/36130", refsource: "MISC", url: "https://kb.cybozu.support/article/36130", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2019-6023", datePublished: "2019-12-26T15:16:50", dateReserved: "2019-01-10T00:00:00", dateUpdated: "2024-08-04T20:16:24.755Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-32283
Vulnerability from cvelistv5
Published
2022-08-18 07:12
Modified
2024-08-03 07:39
Severity ?
EPSS score ?
Summary
Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:39:50.529Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.5", }, ], }, ], descriptions: [ { lang: "en", value: "Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Access Control", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-18T07:12:44", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2022-32283", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.5", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Access Control", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2022/007584.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2022/007584.html", }, { name: "https://jvn.jp/en/jp/JVN20573662/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2022-32283", datePublished: "2022-08-18T07:12:44", dateReserved: "2022-06-17T00:00:00", dateUpdated: "2024-08-03T07:39:50.529Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0566
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
EPSS score ?
Summary
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.cybozu.com/ja-jp/article/10195 | x_refsource_CONFIRM | |
| http://jvn.jp/en/jp/JVN51737843/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:28:11.216Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.cybozu.com/ja-jp/article/10195", }, { name: "JVN#51737843", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.0", }, ], }, ], datePublic: "2018-06-26T00:00:00", descriptions: [ { lang: "en", value: "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Authentication bypass", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-26T13:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.cybozu.com/ja-jp/article/10195", }, { name: "JVN#51737843", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2018-0566", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.0", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Authentication bypass", }, ], }, ], }, references: { reference_data: [ { name: "https://support.cybozu.com/ja-jp/article/10195", refsource: "CONFIRM", url: "https://support.cybozu.com/ja-jp/article/10195", }, { name: "JVN#51737843", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2018-0566", datePublished: "2018-06-26T14:00:00", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-08-05T03:28:11.216Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-8483
Vulnerability from cvelistv5
Published
2016-02-17 02:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvn.jp/en/jp/JVN71428831/index.html | third-party-advisory, x_refsource_JVN | |
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000025 | third-party-advisory, x_refsource_JVNDB | |
| https://cs.cybozu.co.jp/2015/006088.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:20:42.424Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVN#71428831", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN71428831/index.html", }, { name: "JVNDB-2016-000025", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000025", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2015/006088.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-12-14T00:00:00", descriptions: [ { lang: "en", value: "Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-02-17T01:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVN#71428831", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN71428831/index.html", }, { name: "JVNDB-2016-000025", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000025", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2015/006088.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2015-8483", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "JVN#71428831", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN71428831/index.html", }, { name: "JVNDB-2016-000025", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000025", }, { name: "https://cs.cybozu.co.jp/2015/006088.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2015/006088.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2015-8483", datePublished: "2016-02-17T02:00:00", dateReserved: "2015-12-07T00:00:00", dateUpdated: "2024-08-06T08:20:42.424Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4869
Vulnerability from cvelistv5
Published
2017-04-17 15:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/97715 | vdb-entry, x_refsource_BID | |
| http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000191.html | third-party-advisory, x_refsource_JVNDB | |
| http://jvn.jp/en/jp/JVN09736331/index.html | third-party-advisory, x_refsource_JVN | |
| https://support.cybozu.com/ja-jp/article/9428 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:46:38.556Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "97715", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/97715", }, { name: "JVNDB-2016-000191", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000191.html", }, { name: "JVN#09736331", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN09736331/index.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.cybozu.com/ja-jp/article/9428", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-10-03T00:00:00", descriptions: [ { lang: "en", value: "Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-22T15:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "97715", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/97715", }, { name: "JVNDB-2016-000191", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000191.html", }, { name: "JVN#09736331", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN09736331/index.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.cybozu.com/ja-jp/article/9428", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2016-4869", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "97715", refsource: "BID", url: "http://www.securityfocus.com/bid/97715", }, { name: "JVNDB-2016-000191", refsource: "JVNDB", url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000191.html", }, { name: "JVN#09736331", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN09736331/index.html", }, { name: "https://support.cybozu.com/ja-jp/article/9428", refsource: "CONFIRM", url: "https://support.cybozu.com/ja-jp/article/9428", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2016-4869", datePublished: "2017-04-17T15:00:00", dateReserved: "2016-05-17T00:00:00", dateUpdated: "2024-08-06T00:46:38.556Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-10857
Vulnerability from cvelistv5
Published
2017-10-12 14:00
Modified
2024-08-05 17:50
Severity ?
EPSS score ?
Summary
Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.cybozu.com/ja-jp/article/9811 | x_refsource_CONFIRM | |
| http://jvn.jp/en/jp/JVN14658424/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.6.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T17:50:12.589Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.cybozu.com/ja-jp/article/9811", }, { name: "JVN#14658424", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN14658424/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.6.1", }, ], }, ], datePublic: "2017-10-11T00:00:00", descriptions: [ { lang: "en", value: "Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via \"Cabinet\" function.", }, ], problemTypes: [ { descriptions: [ { description: "Fails to restrict access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-12T13:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.cybozu.com/ja-jp/article/9811", }, { name: "JVN#14658424", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN14658424/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2017-10857", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.6.1", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via \"Cabinet\" function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Fails to restrict access", }, ], }, ], }, references: { reference_data: [ { name: "https://support.cybozu.com/ja-jp/article/9811", refsource: "CONFIRM", url: "https://support.cybozu.com/ja-jp/article/9811", }, { name: "JVN#14658424", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN14658424/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2017-10857", datePublished: "2017-10-12T14:00:00", dateReserved: "2017-07-04T00:00:00", dateUpdated: "2024-08-05T17:50:12.589Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20630
Vulnerability from cvelistv5
Published
2021-03-18 00:56
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jvn.jp/en/jp/JVN45797538/index.html | x_refsource_MISC | |
| https://kb.cybozu.support/article/36872/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:45:44.995Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.cybozu.support/article/36872/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.4", }, ], }, ], descriptions: [ { lang: "en", value: "Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Access Control", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-18T00:56:00", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { tags: [ "x_refsource_MISC", ], url: "https://kb.cybozu.support/article/36872/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20630", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.4", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Access Control", }, ], }, ], }, references: { reference_data: [ { name: "https://jvn.jp/en/jp/JVN45797538/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { name: "https://kb.cybozu.support/article/36872/", refsource: "MISC", url: "https://kb.cybozu.support/article/36872/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20630", datePublished: "2021-03-18T00:56:00", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:45:44.995Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-8486
Vulnerability from cvelistv5
Published
2016-02-17 02:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2016-1152.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023 | third-party-advisory, x_refsource_JVNDB | |
| http://jvn.jp/en/jp/JVN48720230/index.html | third-party-advisory, x_refsource_JVN | |
| https://cs.cybozu.co.jp/2015/006074.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:20:42.523Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVNDB-2016-000023", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023", }, { name: "JVN#48720230", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN48720230/index.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2015/006074.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-01-18T00:00:00", descriptions: [ { lang: "en", value: "Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2016-1152.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-02-17T01:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVNDB-2016-000023", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023", }, { name: "JVN#48720230", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN48720230/index.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2015/006074.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2015-8486", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2016-1152.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "JVNDB-2016-000023", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023", }, { name: "JVN#48720230", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN48720230/index.html", }, { name: "https://cs.cybozu.co.jp/2015/006074.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2015/006074.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2015-8486", datePublished: "2016-02-17T02:00:00", dateReserved: "2015-12-07T00:00:00", dateUpdated: "2024-08-06T08:20:42.523Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0526
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
EPSS score ?
Summary
Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvn.jp/en/jp/JVN51737843/index.html | third-party-advisory, x_refsource_JVN | |
| https://support.cybozu.com/ja-jp/article/10030 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:28:11.208Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVN#51737843", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.cybozu.com/ja-jp/article/10030", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-06-26T00:00:00", descriptions: [ { lang: "en", value: "Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-26T13:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVN#51737843", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.cybozu.com/ja-jp/article/10030", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2018-0526", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "JVN#51737843", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, { name: "https://support.cybozu.com/ja-jp/article/10030", refsource: "CONFIRM", url: "https://support.cybozu.com/ja-jp/article/10030", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2018-0526", datePublished: "2018-06-26T14:00:00", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-08-05T03:28:11.208Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-8485
Vulnerability from cvelistv5
Published
2016-02-17 02:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023 | third-party-advisory, x_refsource_JVNDB | |
| https://cs.cybozu.co.jp/2015/006077.html | x_refsource_CONFIRM | |
| http://jvn.jp/en/jp/JVN48720230/index.html | third-party-advisory, x_refsource_JVN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:20:42.516Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVNDB-2016-000023", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cs.cybozu.co.jp/2015/006077.html", }, { name: "JVN#48720230", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN48720230/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-01-18T00:00:00", descriptions: [ { lang: "en", value: "Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-02-17T01:57:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVNDB-2016-000023", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cs.cybozu.co.jp/2015/006077.html", }, { name: "JVN#48720230", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN48720230/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2015-8485", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "JVNDB-2016-000023", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023", }, { name: "https://cs.cybozu.co.jp/2015/006077.html", refsource: "CONFIRM", url: "https://cs.cybozu.co.jp/2015/006077.html", }, { name: "JVN#48720230", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN48720230/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2015-8485", datePublished: "2016-02-17T02:00:00", dateReserved: "2015-12-07T00:00:00", dateUpdated: "2024-08-06T08:20:42.516Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-33311
Vulnerability from cvelistv5
Published
2022-08-18 07:14
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2022/007584.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN20573662/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T08:01:20.570Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.5", }, ], }, ], descriptions: [ { lang: "en", value: "Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Access Control", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-18T07:14:48", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2022-33311", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.5", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Access Control", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2022/007584.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2022/007584.html", }, { name: "https://jvn.jp/en/jp/JVN20573662/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2022-33311", datePublished: "2022-08-18T07:14:48", dateReserved: "2022-06-17T00:00:00", dateUpdated: "2024-08-03T08:01:20.570Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-6022
Vulnerability from cvelistv5
Published
2019-12-26 15:16
Modified
2024-08-04 20:16
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.cybozu.support/article/36124 | x_refsource_MISC | |
| http://jvn.jp/en/jp/JVN79854355/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:16:24.078Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.cybozu.support/article/36124", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN79854355/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Office", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "10.0.0 to 10.8.3", }, ], }, ], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function.", }, ], problemTypes: [ { descriptions: [ { description: "Directory traversal", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-26T15:16:50", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.cybozu.support/article/36124", }, { tags: [ "x_refsource_MISC", ], url: "http://jvn.jp/en/jp/JVN79854355/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2019-6022", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Office", version: { version_data: [ { version_value: "10.0.0 to 10.8.3", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Directory traversal", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.cybozu.support/article/36124", refsource: "MISC", url: "https://kb.cybozu.support/article/36124", }, { name: "http://jvn.jp/en/jp/JVN79854355/index.html", refsource: "MISC", url: "http://jvn.jp/en/jp/JVN79854355/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2019-6022", datePublished: "2019-12-26T15:16:50", dateReserved: "2019-01-10T00:00:00", dateUpdated: "2024-08-04T20:16:24.078Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2017-04-28 16:59
Modified
2024-11-21 03:22
Severity ?
Summary
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN17535578/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/97717 | ||
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9737 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN17535578/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97717 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9737 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.4.0:*:*:*:*:*:*:*", matchCriteriaId: "BBA465B8-3852-4630-B16C-120F77DB1F8C", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.5.0:*:*:*:*:*:*:*", matchCriteriaId: "178094DD-30C6-49BF-A42A-4264FA5A61D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain \"customapp\" information via unspecified vectors.", }, { lang: "es", value: "Cybozu Office desde 10.0.0 a 10.5.0 permite a un atacante remoto autenticado sortear las restricciones de acceso para obtener información \"customapp\" a través de vectores no especificados.", }, ], id: "CVE-2017-2115", lastModified: "2024-11-21T03:22:55.647", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-28T16:59:01.167", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN17535578/index.html", }, { source: "vultures@jpcert.or.jp", url: "http://www.securityfocus.com/bid/97717", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9737", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN17535578/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/97717", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9737", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-17 02:59
Modified
2024-11-21 02:45
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | office | 9.0 | |
| cybozu | office | 9.1.0 | |
| cybozu | office | 9.2.0 | |
| cybozu | office | 9.2.1 | |
| cybozu | office | 9.3.0 | |
| cybozu | office | 9.3.1 | |
| cybozu | office | 9.3.2 | |
| cybozu | office | 9.9.0 | |
| cybozu | office | 10.0.0 | |
| cybozu | office | 10.0.1 | |
| cybozu | office | 10.0.2 | |
| cybozu | office | 10.1.0 | |
| cybozu | office | 10.1.2 | |
| cybozu | office | 10.2.0 | |
| cybozu | office | 10.3.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*", matchCriteriaId: "B029709C-5ED7-4F29-8DA9-AFF9D678429F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D9AE0F63-8DD1-4F61-B772-E4F64197A73F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*", matchCriteriaId: "27E1F1BC-4FF8-4438-92C2-5094F18BAB27", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C71A2292-BEEF-4449-992C-B8535E0EF969", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E4B07F75-4F29-4241-9C5A-F723EAFCFC49", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7ADEDCD4-8794-42A3-961A-9CE562BF64CA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*", matchCriteriaId: "3CF1B981-0417-430F-9BB3-7292D297557E", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150.", }, { lang: "es", value: "Vulnerabilidad de XSS en Cybozu Office 9.0.0 hasta la versión 10.3.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798 y CVE-2016-1150.", }, ], id: "CVE-2016-1149", lastModified: "2024-11-21T02:45:51.407", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-17T02:59:10.810", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-18 01:15
Modified
2024-11-21 05:46
Severity ?
Summary
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN45797538/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36868/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN45797538/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36868/ | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "A468F5BE-4EB2-464F-AE29-D0C98163C410", versionEndIncluding: "10.8.4", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*", matchCriteriaId: "97D4FFCF-5309-43B6-9FD5-680C6D535A7F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox.", }, { lang: "es", value: "Una vulnerabilidad de Cross-site scripting en Address Book de Cybozu Office versiones 10.0.0 hasta 10.8.4, permite a atacantes remotos inyectar un script arbitrario por medio de vectores no especificados. Tome en cuenta que esta vulnerabilidad se produce solo cuando se usa Mozilla Firefox", }, ], id: "CVE-2021-20628", lastModified: "2024-11-21T05:46:54.353", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-18T01:15:11.797", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36868/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36868/", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-17 15:59
Modified
2024-11-21 02:53
Severity ?
Summary
Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN09736331/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000191.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/97715 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9428 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN09736331/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000191.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97715 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9428 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | office | 9.0 | |
| cybozu | office | 9.1.0 | |
| cybozu | office | 9.2.0 | |
| cybozu | office | 9.2.1 | |
| cybozu | office | 9.3.0 | |
| cybozu | office | 9.3.1 | |
| cybozu | office | 9.3.2 | |
| cybozu | office | 9.9.0 | |
| cybozu | office | 10.0.0 | |
| cybozu | office | 10.0.1 | |
| cybozu | office | 10.0.2 | |
| cybozu | office | 10.1.0 | |
| cybozu | office | 10.1.2 | |
| cybozu | office | 10.2.0 | |
| cybozu | office | 10.3.0 | |
| cybozu | office | 10.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*", matchCriteriaId: "B029709C-5ED7-4F29-8DA9-AFF9D678429F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D9AE0F63-8DD1-4F61-B772-E4F64197A73F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*", matchCriteriaId: "27E1F1BC-4FF8-4438-92C2-5094F18BAB27", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C71A2292-BEEF-4449-992C-B8535E0EF969", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E4B07F75-4F29-4241-9C5A-F723EAFCFC49", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7ADEDCD4-8794-42A3-961A-9CE562BF64CA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*", matchCriteriaId: "3CF1B981-0417-430F-9BB3-7292D297557E", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.4.0:*:*:*:*:*:*:*", matchCriteriaId: "BBA465B8-3852-4630-B16C-120F77DB1F8C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.", }, { lang: "es", value: "Cybozu Office versiones 9.0.0 hasta 10.4.0, permite a los atacantes remotos obtener información de la sesión por medio de una página donde se muestran las variables de entorno CGI.", }, ], id: "CVE-2016-4869", lastModified: "2024-11-21T02:53:08.807", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-17T15:59:00.323", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN09736331/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000191.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97715", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9428", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN09736331/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000191.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97715", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9428", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-17 15:59
Modified
2024-11-21 02:53
Severity ?
Summary
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN10092452/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000192.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/97716 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9426 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN10092452/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000192.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97716 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9426 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | office | 9.0 | |
| cybozu | office | 9.1.0 | |
| cybozu | office | 9.2.0 | |
| cybozu | office | 9.2.1 | |
| cybozu | office | 9.3.0 | |
| cybozu | office | 9.3.1 | |
| cybozu | office | 9.3.2 | |
| cybozu | office | 9.9.0 | |
| cybozu | office | 10.0.0 | |
| cybozu | office | 10.0.1 | |
| cybozu | office | 10.0.2 | |
| cybozu | office | 10.1.0 | |
| cybozu | office | 10.1.2 | |
| cybozu | office | 10.2.0 | |
| cybozu | office | 10.3.0 | |
| cybozu | office | 10.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*", matchCriteriaId: "B029709C-5ED7-4F29-8DA9-AFF9D678429F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D9AE0F63-8DD1-4F61-B772-E4F64197A73F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*", matchCriteriaId: "27E1F1BC-4FF8-4438-92C2-5094F18BAB27", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C71A2292-BEEF-4449-992C-B8535E0EF969", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E4B07F75-4F29-4241-9C5A-F723EAFCFC49", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7ADEDCD4-8794-42A3-961A-9CE562BF64CA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*", matchCriteriaId: "3CF1B981-0417-430F-9BB3-7292D297557E", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.4.0:*:*:*:*:*:*:*", matchCriteriaId: "BBA465B8-3852-4630-B16C-120F77DB1F8C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.", }, { lang: "es", value: "Cybozu Office 9.0.0 en versiones hasta 10.4.0 permite a atacantes remotos provocar una denegación de servicio.", }, ], id: "CVE-2016-4871", lastModified: "2024-11-21T02:53:09.043", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 6.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-17T15:59:00.400", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN10092452/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000192.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97716", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9426", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN10092452/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000192.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97716", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9426", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-06-26 14:29
Modified
2024-11-21 03:38
Severity ?
Summary
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN51737843/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/10195 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN51737843/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/10195 | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "A3245F8D-D056-409C-B764-3310BB2AB279", versionEndIncluding: "10.8.0", versionStartExcluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors.", }, { lang: "es", value: "Cybozu Office, de la versión 10.0.0 a la 10.8.0, permite que los atacantes autenticados omitan la autenticación para obtener los horarios sin el privilegio de acceso mediante vectores sin especificar.", }, ], id: "CVE-2018-0566", lastModified: "2024-11-21T03:38:29.520", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-26T14:29:00.693", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://support.cybozu.com/ja-jp/article/10195", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.cybozu.com/ja-jp/article/10195", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-18 01:15
Modified
2024-11-21 05:46
Severity ?
Summary
Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN45797538/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36872/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN45797538/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36872/ | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "A468F5BE-4EB2-464F-AE29-D0C98163C410", versionEndIncluding: "10.8.4", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via unspecified vectors.", }, { lang: "es", value: "Una vulnerabilidad de control de acceso inapropiado en Phone Messages de Cybozu Office versiones 10.0.0 hasta 10.8.4, permite a atacantes autenticados omitir la restricción de acceso y obtener los datos de los Phone Messages por medio de vectores no especificados", }, ], id: "CVE-2021-20630", lastModified: "2024-11-21T05:46:54.553", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-18T01:15:11.950", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36872/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36872/", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-17 15:59
Modified
2024-11-21 02:53
Severity ?
Summary
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN07148816/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000187.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/93461 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9429 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN07148816/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000187.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93461 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9429 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | office | 9.0 | |
| cybozu | office | 9.1.0 | |
| cybozu | office | 9.2.0 | |
| cybozu | office | 9.2.1 | |
| cybozu | office | 9.3.0 | |
| cybozu | office | 9.3.1 | |
| cybozu | office | 9.3.2 | |
| cybozu | office | 9.9.0 | |
| cybozu | office | 10.0.0 | |
| cybozu | office | 10.0.1 | |
| cybozu | office | 10.0.2 | |
| cybozu | office | 10.1.0 | |
| cybozu | office | 10.1.2 | |
| cybozu | office | 10.2.0 | |
| cybozu | office | 10.3.0 | |
| cybozu | office | 10.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*", matchCriteriaId: "B029709C-5ED7-4F29-8DA9-AFF9D678429F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D9AE0F63-8DD1-4F61-B772-E4F64197A73F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*", matchCriteriaId: "27E1F1BC-4FF8-4438-92C2-5094F18BAB27", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C71A2292-BEEF-4449-992C-B8535E0EF969", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E4B07F75-4F29-4241-9C5A-F723EAFCFC49", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7ADEDCD4-8794-42A3-961A-9CE562BF64CA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*", matchCriteriaId: "3CF1B981-0417-430F-9BB3-7292D297557E", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.4.0:*:*:*:*:*:*:*", matchCriteriaId: "BBA465B8-3852-4630-B16C-120F77DB1F8C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.", }, { lang: "es", value: "Cybozu Office versiones 9.0.0 hasta 10.4.0, permite a los atacantes autenticados remotos omitir la restricción de acceso para visualizar información del proyecto no autorizada por medio de la función Project.", }, ], id: "CVE-2016-4867", lastModified: "2024-11-21T02:53:08.537", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-17T15:59:00.243", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN07148816/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000187.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93461", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9429", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN07148816/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000187.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93461", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9429", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-28 16:59
Modified
2024-11-21 03:22
Severity ?
Summary
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN17535578/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/97717 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9736 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN17535578/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97717 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9736 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.4.0:*:*:*:*:*:*:*", matchCriteriaId: "BBA465B8-3852-4630-B16C-120F77DB1F8C", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.5.0:*:*:*:*:*:*:*", matchCriteriaId: "178094DD-30C6-49BF-A42A-4264FA5A61D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete \"customapp\" templates via unspecified vectors.", }, { lang: "es", value: "Cybozu Office 10.0.0 hasta 10.5.0 permite a un atacante remoto autenticado sortear la restricción de acceso para borrar plantillas \"customapp\" a través de vectores no especificados.", }, ], id: "CVE-2017-2116", lastModified: "2024-11-21T03:22:55.757", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-28T16:59:01.200", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN17535578/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97717", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9736", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN17535578/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97717", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9736", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-06-26 14:29
Modified
2024-11-21 03:38
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN51737843/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/10200 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN51737843/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/10200 | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "254D1013-6807-48A7-AC88-FB345FB27837", versionEndIncluding: "10.8.0", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, { lang: "es", value: "Vulnerabilidad Cross-Site Scripting (XSS) en Cybozu Office, de la versión 10.0.0 a la 10.8.0, permite que atacantes remotos autenticados inyecte scripts web o HTML arbitrarios mediante vectores sin especificar.", }, ], id: "CVE-2018-0565", lastModified: "2024-11-21T03:38:29.397", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-26T14:29:00.630", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://support.cybozu.com/ja-jp/article/10200", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.cybozu.com/ja-jp/article/10200", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-17 15:59
Modified
2024-11-21 02:53
Severity ?
Summary
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN07148816/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000189.html | VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/93461 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9442 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN07148816/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000189.html | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93461 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9442 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | office | 9.0 | |
| cybozu | office | 9.1.0 | |
| cybozu | office | 9.2.0 | |
| cybozu | office | 9.2.1 | |
| cybozu | office | 9.3.0 | |
| cybozu | office | 9.3.1 | |
| cybozu | office | 9.3.2 | |
| cybozu | office | 9.9.0 | |
| cybozu | office | 10.0.0 | |
| cybozu | office | 10.0.1 | |
| cybozu | office | 10.0.2 | |
| cybozu | office | 10.1.0 | |
| cybozu | office | 10.1.2 | |
| cybozu | office | 10.2.0 | |
| cybozu | office | 10.3.0 | |
| cybozu | office | 10.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*", matchCriteriaId: "B029709C-5ED7-4F29-8DA9-AFF9D678429F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D9AE0F63-8DD1-4F61-B772-E4F64197A73F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*", matchCriteriaId: "27E1F1BC-4FF8-4438-92C2-5094F18BAB27", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C71A2292-BEEF-4449-992C-B8535E0EF969", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E4B07F75-4F29-4241-9C5A-F723EAFCFC49", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7ADEDCD4-8794-42A3-961A-9CE562BF64CA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*", matchCriteriaId: "3CF1B981-0417-430F-9BB3-7292D297557E", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.4.0:*:*:*:*:*:*:*", matchCriteriaId: "BBA465B8-3852-4630-B16C-120F77DB1F8C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.", }, { lang: "es", value: "Cybozu Office versiones 9.0.0 hasta 10.4.0, permite a los atacantes autenticados remotos ejecutar operaciones no previstas por medio de la función Project.", }, ], id: "CVE-2016-4873", lastModified: "2024-11-21T02:53:09.300", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-17T15:59:00.463", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN07148816/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "VDB Entry", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000189.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93461", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9442", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN07148816/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000189.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93461", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9442", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-275", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-17 02:59
Modified
2024-11-21 02:37
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | office | 9.0 | |
| cybozu | office | 9.1.0 | |
| cybozu | office | 9.2.0 | |
| cybozu | office | 9.2.1 | |
| cybozu | office | 9.3.0 | |
| cybozu | office | 9.3.1 | |
| cybozu | office | 9.3.2 | |
| cybozu | office | 9.9.0 | |
| cybozu | office | 10.0.0 | |
| cybozu | office | 10.0.1 | |
| cybozu | office | 10.0.2 | |
| cybozu | office | 10.1.0 | |
| cybozu | office | 10.1.2 | |
| cybozu | office | 10.2.0 | |
| cybozu | office | 10.3.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*", matchCriteriaId: "B029709C-5ED7-4F29-8DA9-AFF9D678429F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D9AE0F63-8DD1-4F61-B772-E4F64197A73F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*", matchCriteriaId: "27E1F1BC-4FF8-4438-92C2-5094F18BAB27", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C71A2292-BEEF-4449-992C-B8535E0EF969", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E4B07F75-4F29-4241-9C5A-F723EAFCFC49", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7ADEDCD4-8794-42A3-961A-9CE562BF64CA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*", matchCriteriaId: "3CF1B981-0417-430F-9BB3-7292D297557E", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.", }, { lang: "es", value: "Vulnerabilidad de XSS en Cybozu Office 9.0.0 hasta la versión 10.3.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-7795, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149 y CVE-2016-1150.", }, ], id: "CVE-2015-7796", lastModified: "2024-11-21T02:37:25.220", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-17T02:59:01.123", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-17 02:59
Modified
2024-11-21 02:37
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | office | 9.0 | |
| cybozu | office | 9.1.0 | |
| cybozu | office | 9.2.0 | |
| cybozu | office | 9.2.1 | |
| cybozu | office | 9.3.0 | |
| cybozu | office | 9.3.1 | |
| cybozu | office | 9.3.2 | |
| cybozu | office | 9.9.0 | |
| cybozu | office | 10.0.0 | |
| cybozu | office | 10.0.1 | |
| cybozu | office | 10.0.2 | |
| cybozu | office | 10.1.0 | |
| cybozu | office | 10.1.2 | |
| cybozu | office | 10.2.0 | |
| cybozu | office | 10.3.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*", matchCriteriaId: "B029709C-5ED7-4F29-8DA9-AFF9D678429F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D9AE0F63-8DD1-4F61-B772-E4F64197A73F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*", matchCriteriaId: "27E1F1BC-4FF8-4438-92C2-5094F18BAB27", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C71A2292-BEEF-4449-992C-B8535E0EF969", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E4B07F75-4F29-4241-9C5A-F723EAFCFC49", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7ADEDCD4-8794-42A3-961A-9CE562BF64CA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*", matchCriteriaId: "3CF1B981-0417-430F-9BB3-7292D297557E", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.", }, { lang: "es", value: "Vulnerabilidad de XSS en Cybozu Office 9.0.0 hasta la versión 10.3.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149 y CVE-2016-1150.", }, ], id: "CVE-2015-7797", lastModified: "2024-11-21T02:37:25.337", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-17T02:59:02.090", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-09-10 11:28
Modified
2024-11-21 01:56
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the top-page customization feature in Cybozu Office before 9.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "59515302-9DC8-417A-8607-733EF0FE144C", versionEndIncluding: "9.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the top-page customization feature in Cybozu Office before 9.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, { lang: "es", value: "Vulnerabilidad de cross-site scripting (XSS) en la funcionalidad de personalización de página superior en Cybozu Office anteriores a 9.3.1 permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de vectores no especificados.", }, ], id: "CVE-2013-4703", lastModified: "2024-11-21T01:56:06.137", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-09-10T11:28:40.860", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://cs.cybozu.co.jp/information/20130909up11.php", }, { source: "vultures@jpcert.or.jp", url: "http://jvn.jp/en/jp/JVN53014207/index.html", }, { source: "vultures@jpcert.or.jp", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000082", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://cs.cybozu.co.jp/information/20130909up11.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://jvn.jp/en/jp/JVN53014207/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000082", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-18 01:15
Modified
2024-11-21 05:46
Severity ?
Summary
Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN45797538/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36871/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN45797538/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36871/ | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "A468F5BE-4EB2-464F-AE29-D0C98163C410", versionEndIncluding: "10.8.4", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors.", }, { lang: "es", value: "Una vulnerabilidad de comprobación inapropiada de entrada en Custom App de Cybozu Office versiones 10.0.0 hasta 10.8.4, permite a un atacante autenticado alterar los datos de la Custom App por medio de vectores no especificados", }, ], id: "CVE-2021-20631", lastModified: "2024-11-21T05:46:54.650", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-18T01:15:12.013", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36871/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36871/", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-17 15:59
Modified
2024-11-21 02:53
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN06726266/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/93281 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9430 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN06726266/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93281 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9430 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | office | 9.0 | |
| cybozu | office | 9.1.0 | |
| cybozu | office | 9.2.0 | |
| cybozu | office | 9.2.1 | |
| cybozu | office | 9.3.0 | |
| cybozu | office | 9.3.1 | |
| cybozu | office | 9.3.2 | |
| cybozu | office | 9.9.0 | |
| cybozu | office | 10.0.0 | |
| cybozu | office | 10.0.1 | |
| cybozu | office | 10.0.2 | |
| cybozu | office | 10.1.0 | |
| cybozu | office | 10.1.2 | |
| cybozu | office | 10.2.0 | |
| cybozu | office | 10.3.0 | |
| cybozu | office | 10.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*", matchCriteriaId: "B029709C-5ED7-4F29-8DA9-AFF9D678429F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D9AE0F63-8DD1-4F61-B772-E4F64197A73F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*", matchCriteriaId: "27E1F1BC-4FF8-4438-92C2-5094F18BAB27", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C71A2292-BEEF-4449-992C-B8535E0EF969", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E4B07F75-4F29-4241-9C5A-F723EAFCFC49", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7ADEDCD4-8794-42A3-961A-9CE562BF64CA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*", matchCriteriaId: "3CF1B981-0417-430F-9BB3-7292D297557E", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.4.0:*:*:*:*:*:*:*", matchCriteriaId: "BBA465B8-3852-4630-B16C-120F77DB1F8C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.", }, { lang: "es", value: "Una vulnerabilidad de tipo cross-site scripting en Cybozu Office versiones 9.0.0 hasta 10.4.0, permite a los atacantes con derechos de administrador inyectar script web o HTML arbitrario por medio de la función Customapp.", }, ], id: "CVE-2016-4865", lastModified: "2024-11-21T02:53:08.280", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-17T15:59:00.167", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN06726266/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93281", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9430", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN06726266/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93281", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9430", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-17 02:59
Modified
2024-11-21 02:37
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149, and CVE-2016-1150.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | office | 9.0 | |
| cybozu | office | 9.1.0 | |
| cybozu | office | 9.2.0 | |
| cybozu | office | 9.2.1 | |
| cybozu | office | 9.3.0 | |
| cybozu | office | 9.3.1 | |
| cybozu | office | 9.3.2 | |
| cybozu | office | 9.9.0 | |
| cybozu | office | 10.0.0 | |
| cybozu | office | 10.0.1 | |
| cybozu | office | 10.0.2 | |
| cybozu | office | 10.1.0 | |
| cybozu | office | 10.1.2 | |
| cybozu | office | 10.2.0 | |
| cybozu | office | 10.3.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*", matchCriteriaId: "B029709C-5ED7-4F29-8DA9-AFF9D678429F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D9AE0F63-8DD1-4F61-B772-E4F64197A73F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*", matchCriteriaId: "27E1F1BC-4FF8-4438-92C2-5094F18BAB27", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C71A2292-BEEF-4449-992C-B8535E0EF969", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E4B07F75-4F29-4241-9C5A-F723EAFCFC49", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7ADEDCD4-8794-42A3-961A-9CE562BF64CA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*", matchCriteriaId: "3CF1B981-0417-430F-9BB3-7292D297557E", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149, and CVE-2016-1150.", }, { lang: "es", value: "Vulnerabilidad de XSS en Cybozu Office 9.0.0 hasta la versión 10.3.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149 y CVE-2016-1150.", }, ], id: "CVE-2015-7798", lastModified: "2024-11-21T02:37:25.453", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-17T02:59:03.107", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-18 08:15
Modified
2024-11-21 07:03
Severity ?
Summary
Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "BDA660D9-05D1-42A5-90C0-8E1C2B92E1E5", versionEndIncluding: "10.8.5", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors.", }, { lang: "es", value: "Una vulnerabilidad de divulgación de información en la configuración del sistema de Cybozu Office versiones 10.0.0 a 10.8.5, permite a un atacante remoto obtener los datos del producto por medio de vectores no especificados.", }, ], id: "CVE-2022-30693", lastModified: "2024-11-21T07:03:10.970", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-18T08:15:07.730", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-17 02:59
Modified
2024-11-21 02:38
Severity ?
Summary
Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | office | 9.0 | |
| cybozu | office | 9.1.0 | |
| cybozu | office | 9.2.0 | |
| cybozu | office | 9.2.1 | |
| cybozu | office | 9.3.0 | |
| cybozu | office | 9.3.1 | |
| cybozu | office | 9.3.2 | |
| cybozu | office | 9.9.0 | |
| cybozu | office | 10.0.0 | |
| cybozu | office | 10.0.1 | |
| cybozu | office | 10.0.2 | |
| cybozu | office | 10.1.0 | |
| cybozu | office | 10.1.2 | |
| cybozu | office | 10.2.0 | |
| cybozu | office | 10.3.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*", matchCriteriaId: "B029709C-5ED7-4F29-8DA9-AFF9D678429F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D9AE0F63-8DD1-4F61-B772-E4F64197A73F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*", matchCriteriaId: "27E1F1BC-4FF8-4438-92C2-5094F18BAB27", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C71A2292-BEEF-4449-992C-B8535E0EF969", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E4B07F75-4F29-4241-9C5A-F723EAFCFC49", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7ADEDCD4-8794-42A3-961A-9CE562BF64CA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*", matchCriteriaId: "3CF1B981-0417-430F-9BB3-7292D297557E", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.", }, { lang: "es", value: "Vulnerabilidad de redirección abierta en Cybozu Office 10.2.0 hasta la versión 10.3.0 permite a atacantes remotos redirigir usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a través de una URL manipulada.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/601.html\">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>", id: "CVE-2015-8483", lastModified: "2024-11-21T02:38:37.670", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-17T02:59:04.170", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN71428831/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000025", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006088.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN71428831/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000025", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006088.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-09 23:29
Modified
2024-11-21 03:38
Severity ?
Summary
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN15232217/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/34091/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN15232217/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/34091/ | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "E20F1F1B-169E-4D49-AEBA-67FE4F79B0EC", versionEndIncluding: "10.8.1", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen.", }, { lang: "es", value: "Vulnerabilidad de salto de directorio en Cybozu Office, desde la versión 10.0.0 hasta la 10.8.1, permite que atacantes remotos eliminen archivos arbitrarios mediante la pantalla Keitai.", }, ], id: "CVE-2018-0704", lastModified: "2024-11-21T03:38:46.937", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-09T23:29:02.170", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN15232217/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/34091/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN15232217/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/34091/", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-18 01:15
Modified
2024-11-21 05:46
Severity ?
Summary
Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN45797538/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36867/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN45797538/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36867/ | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "A468F5BE-4EB2-464F-AE29-D0C98163C410", versionEndIncluding: "10.8.4", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.", }, { lang: "es", value: "Una vulnerabilidad de Cross-site scripting en E-mail de Cybozu Office versiones 10.0.0 hasta 10.8.4, permite a atacantes remotos inyectar un script arbitrario por medio de vectores no especificados", }, ], id: "CVE-2021-20629", lastModified: "2024-11-21T05:46:54.457", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-18T01:15:11.873", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36867/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36867/", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-17 02:59
Modified
2024-11-21 02:38
Severity ?
Summary
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152.", }, { lang: "es", value: "Cybozu Office 9.9.0 hasta la versión 10.3.0 permite a usuarios remotos autenticados eludir las restricciones destinadas a la visualización del calendario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-8485, CVE-2015-8486 y CVE-2016-1152.", }, ], id: "CVE-2015-8484", lastModified: "2024-11-21T02:38:37.777", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-17T02:59:05.247", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN48720230/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006110.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN48720230/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006110.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-18 01:15
Modified
2024-11-21 05:46
Severity ?
Summary
Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN45797538/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36870/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN45797538/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36870/ | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "A468F5BE-4EB2-464F-AE29-D0C98163C410", versionEndIncluding: "10.8.4", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via unspecified vectors.", }, { lang: "es", value: "Una vulnerabilidad de control de acceso inapropiado en Bulletin Board de Cybozu Office versiones 10.0.0 hasta 10.8.4, permite a atacantes autenticados omitir la restricción de acceso y obtener los datos de Bulletin Board por medio de vectores no especificados", }, ], id: "CVE-2021-20632", lastModified: "2024-11-21T05:46:54.760", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-18T01:15:12.093", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36870/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36870/", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-18 01:15
Modified
2024-11-21 05:46
Severity ?
Summary
Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN45797538/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36869/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN45797538/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36869/ | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "A468F5BE-4EB2-464F-AE29-D0C98163C410", versionEndIncluding: "10.8.4", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors.", }, { lang: "es", value: "Una vulnerabilidad de control de acceso inapropiado en Cabinet de Cybozu Office versiones 10.0.0 hasta 10.8.4, permite a atacantes autenticados omitir la restricción de acceso y obtener la fecha de Cabinet por medio de vectores no especificados", }, ], id: "CVE-2021-20633", lastModified: "2024-11-21T05:46:54.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-18T01:15:12.170", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36869/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36869/", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-17 02:59
Modified
2024-11-21 02:45
Severity ?
Summary
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486.", }, { lang: "es", value: "Cybozu Office 9.9.0 hasta la versión 10.3.0 permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso, y leer o escribir la planificación de datos, a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-8484, CVE-2015-8485 y CVE-2015-8486.", }, ], id: "CVE-2016-1152", lastModified: "2024-11-21T02:45:51.737", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-17T02:59:13.827", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN48720230/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006076.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN48720230/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006076.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-06-26 14:29
Modified
2024-11-21 03:38
Severity ?
Summary
Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN51737843/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/10030 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN51737843/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/10030 | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "18FBE1C9-73D9-4F83-A059-76FB719CDF00", versionEndIncluding: "10.7.0", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors.", }, { lang: "es", value: "Cybozu Office, de la versión 10.0.0 a la 10.7.0, permite que los atacantes muestren una imagen en un servidor externo mediante vectores sin especificar.", }, ], id: "CVE-2018-0526", lastModified: "2024-11-21T03:38:24.853", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-26T14:29:00.223", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://support.cybozu.com/ja-jp/article/10030", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.cybozu.com/ja-jp/article/10030", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-17 15:59
Modified
2024-11-21 02:53
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN06726266/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000185.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/93281 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9431 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN06726266/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000185.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93281 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9431 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | office | 9.0 | |
| cybozu | office | 9.1.0 | |
| cybozu | office | 9.2.0 | |
| cybozu | office | 9.2.1 | |
| cybozu | office | 9.3.0 | |
| cybozu | office | 9.3.1 | |
| cybozu | office | 9.3.2 | |
| cybozu | office | 9.9.0 | |
| cybozu | office | 10.0.0 | |
| cybozu | office | 10.0.1 | |
| cybozu | office | 10.0.2 | |
| cybozu | office | 10.1.0 | |
| cybozu | office | 10.1.2 | |
| cybozu | office | 10.2.0 | |
| cybozu | office | 10.3.0 | |
| cybozu | office | 10.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*", matchCriteriaId: "B029709C-5ED7-4F29-8DA9-AFF9D678429F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D9AE0F63-8DD1-4F61-B772-E4F64197A73F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*", matchCriteriaId: "27E1F1BC-4FF8-4438-92C2-5094F18BAB27", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C71A2292-BEEF-4449-992C-B8535E0EF969", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E4B07F75-4F29-4241-9C5A-F723EAFCFC49", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7ADEDCD4-8794-42A3-961A-9CE562BF64CA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*", matchCriteriaId: "3CF1B981-0417-430F-9BB3-7292D297557E", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.4.0:*:*:*:*:*:*:*", matchCriteriaId: "BBA465B8-3852-4630-B16C-120F77DB1F8C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.", }, { lang: "es", value: "Una vulnerabilidad de tipo cross-site scripting en Cybozu Office versiones 9.0.0 hasta 10.4.0, permite a los atacantes con derechos de administrador inyectar script web o HTML arbitrario por medio de la función Project.", }, ], id: "CVE-2016-4866", lastModified: "2024-11-21T02:53:08.403", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-17T15:59:00.213", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN06726266/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000185.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93281", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9431", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN06726266/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000185.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93281", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9431", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-18 08:15
Modified
2024-11-21 07:06
Severity ?
Summary
Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "BDA660D9-05D1-42A5-90C0-8E1C2B92E1E5", versionEndIncluding: "10.8.5", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors.", }, { lang: "es", value: "Una vulnerabilidad de omisión de restricciones de navegación en Cabinet de Cybozu Office versiones 10.0.0 a 10.8.5, permite a un atacante remoto autenticado obtener los datos de Cabinet por medio de vectores no especificados.", }, ], id: "CVE-2022-32283", lastModified: "2024-11-21T07:06:06.020", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-18T08:15:07.777", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-18 01:15
Modified
2024-11-21 05:46
Severity ?
Summary
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN45797538/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36873/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN45797538/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36873/ | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "A468F5BE-4EB2-464F-AE29-D0C98163C410", versionEndIncluding: "10.8.4", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.", }, { lang: "es", value: "Una vulnerabilidad de Cross-site scripting en Address Book de Cybozu Office versiones 10.0.0 hasta 10.8.4, permite a atacantes remotos inyectar un script arbitrario por medio de vectores no especificados", }, ], id: "CVE-2021-20627", lastModified: "2024-11-21T05:46:54.250", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-18T01:15:11.717", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36873/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36873/", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-10-21 18:55
Modified
2024-11-21 01:28
Severity ?
Summary
Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to manipulation of a URL.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "CDB07CB4-F535-4B8E-B892-7547706FEAF1", versionEndIncluding: "7", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:6:*:*:*:*:*:*:*", matchCriteriaId: "840B6B7E-3894-42FE-9703-9F58E3E1C343", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to manipulation of a URL.", }, { lang: "es", value: "Cybozu de Office anteriores a v8.0.0 permite a usuarios remotos autenticados a eludir las restricciones de acceso y acceder a la información confidencial a través de vectores no especificados relacionados con la manipulación de una URL.", }, ], id: "CVE-2011-2677", lastModified: "2024-11-21T01:28:44.627", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-10-21T18:55:00.773", references: [ { source: "vultures@jpcert.or.jp", url: "http://cs.cybozu.co.jp/information/20111005notice01.php", }, { source: "vultures@jpcert.or.jp", url: "http://jvn.jp/en/jp/JVN84838479/index.html", }, { source: "vultures@jpcert.or.jp", url: "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000079.html", }, { source: "vultures@jpcert.or.jp", url: "http://osvdb.org/76124", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/46321", }, { source: "vultures@jpcert.or.jp", url: "http://www.securityfocus.com/bid/50015", }, { source: "vultures@jpcert.or.jp", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/70411", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://cs.cybozu.co.jp/information/20111005notice01.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://jvn.jp/en/jp/JVN84838479/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000079.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/76124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/46321", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/50015", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/70411", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-18 01:15
Modified
2024-11-21 05:46
Severity ?
Summary
Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN45797538/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36865/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN45797538/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36865/ | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "A468F5BE-4EB2-464F-AE29-D0C98163C410", versionEndIncluding: "10.8.4", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vectors.", }, { lang: "es", value: "Una vulnerabilidad de control de acceso inapropiado en Custom App de Cybozu Office versiones 10.0.0 hasta 10.8.4, permite a atacantes autenticados omitir la restricción de acceso y obtener la fecha de Custom App por medio de vectores no especificados", }, ], id: "CVE-2021-20634", lastModified: "2024-11-21T05:46:54.960", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-18T01:15:12.247", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36865/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36865/", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-17 02:59
Modified
2024-11-21 02:45
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users.", }, { lang: "es", value: "Múltiples vulnerabilidades de CSRF en Cybozu Office 9.9.0 hasta la versión 10.3.0 permiten a atacantes remotos secuestrar la autenticación de usuarios arbitrarios.", }, ], id: "CVE-2016-1151", lastModified: "2024-11-21T02:45:51.637", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-17T02:59:12.827", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN64209269/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000024", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006111.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN64209269/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006111.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-18 01:15
Modified
2024-11-21 05:46
Severity ?
Summary
Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN45797538/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36874/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN45797538/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36874/ | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "A468F5BE-4EB2-464F-AE29-D0C98163C410", versionEndIncluding: "10.8.4", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors.", }, { lang: "es", value: "Una vulnerabilidad de control de acceso inapropiado en Bulletin Board de Cybozu Office versiones 10.0.0 hasta 10.8.4, permite a un atacante autenticado omitir la restricción de acceso y alterar los datos de Bulletin Board por medio de vectores no especificados", }, ], id: "CVE-2021-20625", lastModified: "2024-11-21T05:46:54.040", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-18T01:15:11.593", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36874/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36874/", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-18 01:15
Modified
2024-11-21 05:46
Severity ?
Summary
Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN45797538/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36866/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN45797538/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36866/ | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "A468F5BE-4EB2-464F-AE29-D0C98163C410", versionEndIncluding: "10.8.4", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors.", }, { lang: "es", value: "Una vulnerabilidad de control de acceso inapropiado en Scheduler de Cybozu Office versiones 10.0.0 hasta 10.8.4, permite a un atacante autenticado omitir la restricción de acceso y alterar los datos de Scheduler por medio de vectores no especificados", }, ], id: "CVE-2021-20624", lastModified: "2024-11-21T05:46:53.933", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-18T01:15:11.513", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36866/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36866/", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-18 01:15
Modified
2024-11-21 05:46
Severity ?
Summary
Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN45797538/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36864/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN45797538/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36864/ | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "A468F5BE-4EB2-464F-AE29-D0C98163C410", versionEndIncluding: "10.8.4", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors.", }, { lang: "es", value: "Una vulnerabilidad de control de acceso inapropiado en Workflow de Cybozu Office versiones 10.0.0 hasta 10.8.4, permite a atacantes autenticados omitir la restricción de acceso y alterar los datos de Workflow por medio de vectores no especificados", }, ], id: "CVE-2021-20626", lastModified: "2024-11-21T05:46:54.143", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-18T01:15:11.653", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36864/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45797538/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36864/", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-18 08:15
Modified
2024-11-21 07:06
Severity ?
Summary
Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "BDA660D9-05D1-42A5-90C0-8E1C2B92E1E5", versionEndIncluding: "10.8.5", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors.", }, { lang: "es", value: "Una vulnerabilidad de omisión de restricciones de operación en Project de Cybozu Office versiones 10.0.0 a 10.8.5, permite a un atacante remoto autenticado alterar los datos de Project por medio de vectores no especificados.", }, ], id: "CVE-2022-32544", lastModified: "2024-11-21T07:06:35.773", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-18T08:15:07.870", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-17 02:59
Modified
2024-11-21 02:38
Severity ?
Summary
customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153.", }, { lang: "es", value: "customapp en Cybozu Office 9.9.0 hasta la versión 10.3.0 permite a usuarios remotos autenticados causar una denegación de servicio (bloqueo de base de datos excesiva) a través de un archivo CSV manipulado, una vulnerabilidad diferente a CVE-2016-1153.", }, ], id: "CVE-2015-8489", lastModified: "2024-11-21T02:38:38.350", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 6.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-17T02:59:09.873", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN20246313/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000020", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006073.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN20246313/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006073.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-17 02:59
Modified
2024-11-21 02:38
Severity ?
Summary
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2016-1152.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2016-1152.", }, { lang: "es", value: "Cybozu Office 9.9.0 hasta la versión 10.3.0 permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y leer títulos de reportes arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-8484, CVE-2015-8485 y CVE-2016-1152.", }, ], id: "CVE-2015-8486", lastModified: "2024-11-21T02:38:37.987", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-17T02:59:07.107", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN48720230/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006074.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN48720230/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006074.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-06-26 14:29
Modified
2024-11-21 03:38
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN51737843/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/10029 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN51737843/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/10029 | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "18FBE1C9-73D9-4F83-A059-76FB719CDF00", versionEndIncluding: "10.7.0", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, { lang: "es", value: "Vulnerabilidad Cross-Site Scripting (XSS) en Cybozu Office, de la versión 10.0.0 a la 10.7.0, permite que atacantes remotos autenticados inyecte scripts web o HTML arbitrarios mediante vectores sin especificar.", }, ], id: "CVE-2018-0527", lastModified: "2024-11-21T03:38:24.990", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-26T14:29:00.270", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://support.cybozu.com/ja-jp/article/10029", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.cybozu.com/ja-jp/article/10029", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-10-12 14:29
Modified
2024-11-21 03:06
Severity ?
Summary
Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN14658424/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9811 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN14658424/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9811 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.4.0:*:*:*:*:*:*:*", matchCriteriaId: "BBA465B8-3852-4630-B16C-120F77DB1F8C", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.5.0:*:*:*:*:*:*:*", matchCriteriaId: "178094DD-30C6-49BF-A42A-4264FA5A61D5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.6.0:*:*:*:*:*:*:*", matchCriteriaId: "D59E18AD-EF62-48F6-8BFB-9598B3118301", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FB43B837-6C4B-4FDE-99F8-6446378750AD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via \"Cabinet\" function.", }, { lang: "es", value: "Cybozu Office desde la versión 10.0.0 hasta 10.6.1 permite que atacantes no autenticados omitan restricciones de acceso para realizar acciones arbitrarias mediante la función Cabinet.", }, ], id: "CVE-2017-10857", lastModified: "2024-11-21T03:06:38.660", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-10-12T14:29:00.217", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN14658424/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9811", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN14658424/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9811", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-17 15:59
Modified
2024-11-21 02:53
Severity ?
Summary
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN07148816/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000188.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/93461 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9424 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN07148816/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000188.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93461 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9424 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | office | 9.0 | |
| cybozu | office | 9.1.0 | |
| cybozu | office | 9.2.0 | |
| cybozu | office | 9.2.1 | |
| cybozu | office | 9.3.0 | |
| cybozu | office | 9.3.1 | |
| cybozu | office | 9.3.2 | |
| cybozu | office | 9.9.0 | |
| cybozu | office | 10.0.0 | |
| cybozu | office | 10.0.1 | |
| cybozu | office | 10.0.2 | |
| cybozu | office | 10.1.0 | |
| cybozu | office | 10.1.2 | |
| cybozu | office | 10.2.0 | |
| cybozu | office | 10.3.0 | |
| cybozu | office | 10.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*", matchCriteriaId: "B029709C-5ED7-4F29-8DA9-AFF9D678429F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D9AE0F63-8DD1-4F61-B772-E4F64197A73F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*", matchCriteriaId: "27E1F1BC-4FF8-4438-92C2-5094F18BAB27", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C71A2292-BEEF-4449-992C-B8535E0EF969", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E4B07F75-4F29-4241-9C5A-F723EAFCFC49", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7ADEDCD4-8794-42A3-961A-9CE562BF64CA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*", matchCriteriaId: "3CF1B981-0417-430F-9BB3-7292D297557E", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.4.0:*:*:*:*:*:*:*", matchCriteriaId: "BBA465B8-3852-4630-B16C-120F77DB1F8C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.", }, { lang: "es", value: "Cybozu Office versiones 9.0.0 hasta 10.4.0, permite a los atacantes autenticados remotos omitir las restricciones de acceso para visualizar los nombres de proyectos no autorizados por medio de una ruta de navegación previa (breadcrumb).", }, ], id: "CVE-2016-4872", lastModified: "2024-11-21T02:53:09.177", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-17T15:59:00.447", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN07148816/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000188.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93461", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9424", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN07148816/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000188.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93461", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9424", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-28 16:59
Modified
2024-11-21 03:22
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN17535578/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/97717 | ||
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9738 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN17535578/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97717 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9738 | Third Party Advisory, VDB Entry |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.4.0:*:*:*:*:*:*:*", matchCriteriaId: "BBA465B8-3852-4630-B16C-120F77DB1F8C", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.5.0:*:*:*:*:*:*:*", matchCriteriaId: "178094DD-30C6-49BF-A42A-4264FA5A61D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.", }, { lang: "es", value: "Vulnerabilidad de cross-site scripting en Cybozu Office 10.0.0 hasta 10.5.0 permite a un atacante remoto autenticado inyectar script web o HTML a través de vectores no especificados.", }, ], id: "CVE-2017-2114", lastModified: "2024-11-21T03:22:55.540", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-28T16:59:01.137", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN17535578/index.html", }, { source: "vultures@jpcert.or.jp", url: "http://www.securityfocus.com/bid/97717", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://support.cybozu.com/ja-jp/article/9738", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN17535578/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/97717", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://support.cybozu.com/ja-jp/article/9738", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-17 15:59
Modified
2024-11-21 02:53
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN06726266/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000186.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/93281 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9427 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN06726266/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000186.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93281 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9427 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | office | 9.0 | |
| cybozu | office | 9.1.0 | |
| cybozu | office | 9.2.0 | |
| cybozu | office | 9.2.1 | |
| cybozu | office | 9.3.0 | |
| cybozu | office | 9.3.1 | |
| cybozu | office | 9.3.2 | |
| cybozu | office | 9.9.0 | |
| cybozu | office | 10.0.0 | |
| cybozu | office | 10.0.1 | |
| cybozu | office | 10.0.2 | |
| cybozu | office | 10.1.0 | |
| cybozu | office | 10.1.2 | |
| cybozu | office | 10.2.0 | |
| cybozu | office | 10.3.0 | |
| cybozu | office | 10.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*", matchCriteriaId: "B029709C-5ED7-4F29-8DA9-AFF9D678429F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D9AE0F63-8DD1-4F61-B772-E4F64197A73F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*", matchCriteriaId: "27E1F1BC-4FF8-4438-92C2-5094F18BAB27", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C71A2292-BEEF-4449-992C-B8535E0EF969", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E4B07F75-4F29-4241-9C5A-F723EAFCFC49", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7ADEDCD4-8794-42A3-961A-9CE562BF64CA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*", matchCriteriaId: "3CF1B981-0417-430F-9BB3-7292D297557E", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.4.0:*:*:*:*:*:*:*", matchCriteriaId: "BBA465B8-3852-4630-B16C-120F77DB1F8C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.", }, { lang: "es", value: "Una vulnerabilidad de tipo cross-site scripting en Cybozu Office versiones 9.0.0 hasta 10.4.0, permite a los atacantes autenticados remotos inyectar script web o HTML arbitrario por medio de la función Schedule.", }, ], id: "CVE-2016-4870", lastModified: "2024-11-21T02:53:08.920", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-17T15:59:00.353", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN06726266/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000186.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93281", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9427", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN06726266/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000186.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93281", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9427", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-18 08:15
Modified
2024-11-21 06:57
Severity ?
Summary
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "BDA660D9-05D1-42A5-90C0-8E1C2B92E1E5", versionEndIncluding: "10.8.5", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.", }, { lang: "es", value: "Una vulnerabilidad de tipo Cross-site scripting en los parámetros específicos de Cybozu Office versiones 10.0.0 a 10.8.5, permite a un atacante remoto inyectar un script arbitrario por medio de vectores no especificados.", }, ], id: "CVE-2022-28715", lastModified: "2024-11-21T06:57:47.593", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-18T08:15:07.410", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-17 02:59
Modified
2024-11-21 02:37
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | office | 9.0 | |
| cybozu | office | 9.1.0 | |
| cybozu | office | 9.2.0 | |
| cybozu | office | 9.2.1 | |
| cybozu | office | 9.3.0 | |
| cybozu | office | 9.3.1 | |
| cybozu | office | 9.3.2 | |
| cybozu | office | 9.9.0 | |
| cybozu | office | 10.0.0 | |
| cybozu | office | 10.0.1 | |
| cybozu | office | 10.0.2 | |
| cybozu | office | 10.1.0 | |
| cybozu | office | 10.1.2 | |
| cybozu | office | 10.2.0 | |
| cybozu | office | 10.3.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*", matchCriteriaId: "B029709C-5ED7-4F29-8DA9-AFF9D678429F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D9AE0F63-8DD1-4F61-B772-E4F64197A73F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*", matchCriteriaId: "27E1F1BC-4FF8-4438-92C2-5094F18BAB27", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C71A2292-BEEF-4449-992C-B8535E0EF969", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E4B07F75-4F29-4241-9C5A-F723EAFCFC49", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7ADEDCD4-8794-42A3-961A-9CE562BF64CA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*", matchCriteriaId: "3CF1B981-0417-430F-9BB3-7292D297557E", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.", }, { lang: "es", value: "Vulnerabilidad de XSS en Cybozu Office 9.0.0 hasta la versión 10.3.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149 y CVE-2016-1150.", }, ], id: "CVE-2015-7795", lastModified: "2024-11-21T02:37:25.103", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-17T02:59:00.123", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-18 08:15
Modified
2024-11-21 06:59
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "BDA660D9-05D1-42A5-90C0-8E1C2B92E1E5", versionEndIncluding: "10.8.5", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.", }, { lang: "es", value: "Una vulnerabilidad de tipo cross-site scripting en Cybozu Office versiones 10.0.0 a 10.8.5, permite a un atacante remoto inyectar un script arbitrario por medio de vectores no especificados.", }, ], id: "CVE-2022-29487", lastModified: "2024-11-21T06:59:10.503", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-18T08:15:07.463", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-18 08:15
Modified
2024-11-21 07:08
Severity ?
Summary
Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "BDA660D9-05D1-42A5-90C0-8E1C2B92E1E5", versionEndIncluding: "10.8.5", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors.", }, { lang: "es", value: "Una vulnerabilidad de omisión de la restricción de navegación en Address Book de Cybozu Office versiones 10.0.0 a 10.8.5, permite a un atacante remoto autenticado obtener los datos de la Libreta de direcciones por medio de vectores no especificados.", }, ], id: "CVE-2022-33311", lastModified: "2024-11-21T07:08:09.383", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-18T08:15:08.010", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-12-26 16:15
Modified
2024-11-21 04:45
Severity ?
Summary
Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN79854355/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36130 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN79854355/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36130 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "BED85713-9650-42DD-B4E4-D9AD3307A3A7", versionEndIncluding: "10.8.3", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'.", }, { lang: "es", value: "Cybozu Office versiones 10.0.0 hasta 10.8.3, permite a atacantes autenticados remotos omitir la restricción de acceso que puede resultar en una obtención de datos sin privilegios de acceso por medio de la aplicación \"Address\".", }, ], id: "CVE-2019-6023", lastModified: "2024-11-21T04:45:56.073", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-26T16:15:12.077", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN79854355/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36130", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN79854355/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36130", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-18 08:15
Modified
2024-11-21 06:53
Severity ?
Summary
Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "BDA660D9-05D1-42A5-90C0-8E1C2B92E1E5", versionEndIncluding: "10.8.5", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.", }, { lang: "es", value: "Una vulnerabilidad de omisión de restricciones de navegación en Scheduler of Cybozu Office versiones 10.0.0 a 10.8.5, permite a un atacante remoto autenticado obtener los datos del Programador.", }, ], id: "CVE-2022-25986", lastModified: "2024-11-21T06:53:16.997", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-18T08:15:07.337", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-06-26 14:29
Modified
2024-11-21 03:38
Severity ?
Summary
Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN51737843/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9812 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN51737843/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9812 | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "18FBE1C9-73D9-4F83-A059-76FB719CDF00", versionEndIncluding: "10.7.0", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.", }, { lang: "es", value: "Cybozu Garoon, de la versión 10.0.0 a la 10.7.0, permite que los atacantes autenticados omitan la autenticación para ver los horarios a los que no se les permite acceder mediante vectores sin especificar.", }, ], id: "CVE-2018-0528", lastModified: "2024-11-21T03:38:25.103", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-26T14:29:00.317", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9812", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9812", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-17 15:59
Modified
2024-11-21 02:53
Severity ?
Summary
Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN08736331/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/97713 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9433 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN08736331/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97713 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9433 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | office | 9.0 | |
| cybozu | office | 9.1.0 | |
| cybozu | office | 9.2.0 | |
| cybozu | office | 9.2.1 | |
| cybozu | office | 9.3.0 | |
| cybozu | office | 9.3.1 | |
| cybozu | office | 9.3.2 | |
| cybozu | office | 9.9.0 | |
| cybozu | office | 10.0.0 | |
| cybozu | office | 10.0.1 | |
| cybozu | office | 10.0.2 | |
| cybozu | office | 10.1.0 | |
| cybozu | office | 10.1.2 | |
| cybozu | office | 10.2.0 | |
| cybozu | office | 10.3.0 | |
| cybozu | office | 10.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*", matchCriteriaId: "B029709C-5ED7-4F29-8DA9-AFF9D678429F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D9AE0F63-8DD1-4F61-B772-E4F64197A73F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*", matchCriteriaId: "27E1F1BC-4FF8-4438-92C2-5094F18BAB27", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C71A2292-BEEF-4449-992C-B8535E0EF969", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E4B07F75-4F29-4241-9C5A-F723EAFCFC49", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7ADEDCD4-8794-42A3-961A-9CE562BF64CA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*", matchCriteriaId: "3CF1B981-0417-430F-9BB3-7292D297557E", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.4.0:*:*:*:*:*:*:*", matchCriteriaId: "BBA465B8-3852-4630-B16C-120F77DB1F8C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.", }, { lang: "es", value: "Una vulnerabilidad de la inyección de encabezado de correo electrónico en Cybozu Office versiones 9.0.0 hasta 10.4.0, permite a los atacantes remotos inyectar encabezados de correo electrónico arbitrarios para enviar correos electrónicos no previstos por medio de peticiones especialmente diseñadas.", }, ], id: "CVE-2016-4868", lastModified: "2024-11-21T02:53:08.673", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-17T15:59:00.277", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN08736331/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97713", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9433", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN08736331/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97713", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9433", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-18 08:15
Modified
2024-11-21 07:03
Severity ?
Summary
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "BDA660D9-05D1-42A5-90C0-8E1C2B92E1E5", versionEndIncluding: "10.8.5", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.", }, { lang: "es", value: "Una vulnerabilidad de tipo cross-site scripting en los parámetros específicos de Cybozu Office versiones 10.0.0 a 10.8.5, permite a un atacante remoto inyectar un script arbitrario por medio de vectores no especificados.", }, ], id: "CVE-2022-30604", lastModified: "2024-11-21T07:03:00.793", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-18T08:15:07.683", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-17 02:59
Modified
2024-11-21 02:45
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | office | 9.0 | |
| cybozu | office | 9.1.0 | |
| cybozu | office | 9.2.0 | |
| cybozu | office | 9.2.1 | |
| cybozu | office | 9.3.0 | |
| cybozu | office | 9.3.1 | |
| cybozu | office | 9.3.2 | |
| cybozu | office | 9.9.0 | |
| cybozu | office | 10.0.0 | |
| cybozu | office | 10.0.1 | |
| cybozu | office | 10.0.2 | |
| cybozu | office | 10.1.0 | |
| cybozu | office | 10.1.2 | |
| cybozu | office | 10.2.0 | |
| cybozu | office | 10.3.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*", matchCriteriaId: "B029709C-5ED7-4F29-8DA9-AFF9D678429F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D9AE0F63-8DD1-4F61-B772-E4F64197A73F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*", matchCriteriaId: "27E1F1BC-4FF8-4438-92C2-5094F18BAB27", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C71A2292-BEEF-4449-992C-B8535E0EF969", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E4B07F75-4F29-4241-9C5A-F723EAFCFC49", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7ADEDCD4-8794-42A3-961A-9CE562BF64CA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*", matchCriteriaId: "3CF1B981-0417-430F-9BB3-7292D297557E", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149.", }, { lang: "es", value: "Vulnerabilidad de XSS en Cybozu Office 9.0.0 hasta la versión 10.3.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798 y CVE-2016-1149.", }, ], id: "CVE-2016-1150", lastModified: "2024-11-21T02:45:51.520", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-17T02:59:11.827", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN69278491/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006072.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006087.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006107.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006109.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-17 02:59
Modified
2024-11-21 02:38
Severity ?
Summary
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152.", }, { lang: "es", value: "Cybozu Office 9.9.0 hasta la versión 10.3.0 permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y leer la publicación de títulos arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-8484, CVE-2015-8486 y CVE-2016-1152.", }, ], id: "CVE-2015-8485", lastModified: "2024-11-21T02:38:37.883", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-17T02:59:06.247", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN48720230/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006077.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN48720230/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006077.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-18 08:15
Modified
2024-11-21 07:06
Severity ?
Summary
Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "BDA660D9-05D1-42A5-90C0-8E1C2B92E1E5", versionEndIncluding: "10.8.5", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors.", }, { lang: "es", value: "Una vulnerabilidad de omisión de restricciones de operación en el Programador de Cybozu Office versiones 10.0.0 a 10.8.5, permite a un atacante remoto autenticado alterar los datos del Programador por medio de vectores no especificados.", }, ], id: "CVE-2022-32583", lastModified: "2024-11-21T07:06:40.780", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-18T08:15:07.913", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-06-26 14:29
Modified
2024-11-21 03:38
Severity ?
Summary
Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN51737843/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/10052 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN51737843/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/10052 | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "18FBE1C9-73D9-4F83-A059-76FB719CDF00", versionEndIncluding: "10.7.0", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.", }, { lang: "es", value: "Cybozu Office, de la versión 10.0.0 a la 10.7.0, permite que los atacantes remotos provoquen una denegación de servicio (DoS) mediante vectores sin especificar.", }, ], id: "CVE-2018-0529", lastModified: "2024-11-21T03:38:25.220", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-26T14:29:00.380", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://support.cybozu.com/ja-jp/article/10052", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.cybozu.com/ja-jp/article/10052", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-11-24 02:59
Modified
2024-11-21 02:11
Severity ?
Summary
Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "142452AB-E9B0-4E43-AD9C-474FB5C51528", versionEndIncluding: "10.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*", matchCriteriaId: "B029709C-5ED7-4F29-8DA9-AFF9D678429F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:dezie:*:*:*:*:*:*:*:*", matchCriteriaId: "14A8A40C-FA58-487B-A2B2-CA1B14AC67A1", versionEndIncluding: "8.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:mailwise:*:*:*:*:*:*:*:*", matchCriteriaId: "FD43C232-8895-43B5-9E99-BCAAF1A6B5D6", versionEndIncluding: "5.1.3", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:mailwise:4.0:*:*:*:*:*:*:*", matchCriteriaId: "15C487FD-CFC3-4E63-8E8D-0DFD4BEF678D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.", }, { lang: "es", value: "Desbordamiento de buffer en Cybozu Office 9 y 10 anterior a 10.1.0, Mailwise 4 y 5 anterior a 5.1.4, y Dezie 8 anterior a 8.1.1 permite a usuarios remotos autenticados ejecutar código arbitrario a través de mensajes de email.", }, ], id: "CVE-2014-5314", lastModified: "2024-11-21T02:11:49.197", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-11-24T02:59:00.083", references: [ { source: "vultures@jpcert.or.jp", url: "http://jvn.jp/en/jp/JVN14691234/index.html", }, { source: "vultures@jpcert.or.jp", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000130", }, { source: "vultures@jpcert.or.jp", url: "http://secunia.com/advisories/62248", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2014/1110-2.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://jvn.jp/en/jp/JVN14691234/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000130", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/62248", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2014/1110-2.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-17 02:59
Modified
2024-11-21 02:38
Severity ?
Summary
Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487.", }, { lang: "es", value: "Cybozu Office 10.3.0 permite a atacantes remotos leer archivos de imagen a través de un mensaje de correo electrónico manipulado, una vulnerabilidad diferente a CVE-2015-8487.", }, ], id: "CVE-2015-8488", lastModified: "2024-11-21T02:38:38.237", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-17T02:59:08.920", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN28042424/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000021", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006075.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN28042424/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006075.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-09 23:29
Modified
2024-11-21 03:38
Severity ?
Summary
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN15232217/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/34088/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN15232217/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/34088/ | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "E20F1F1B-169E-4D49-AEBA-67FE4F79B0EC", versionEndIncluding: "10.8.1", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests.", }, { lang: "es", value: "Vulnerabilidad de salto de directorio en Cybozu Office, desde la versión 10.0.0 hasta la 10.8.1, permite que un atacante remoto elimine archivos arbitrarios mediante peticiones HTTP sin especificar.", }, ], id: "CVE-2018-0703", lastModified: "2024-11-21T03:38:46.820", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-09T23:29:02.123", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN15232217/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/34088/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN15232217/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/34088/", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-17 02:59
Modified
2024-11-21 02:45
Severity ?
Summary
customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a different vulnerability than CVE-2015-8489.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a different vulnerability than CVE-2015-8489.", }, { lang: "es", value: "customapp en Cybozu Office 9.9.0 hasta la versión 10.3.0 permite a usuarios remotos autenticados causar una denegación de servicio a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-8489.", }, ], id: "CVE-2016-1153", lastModified: "2024-11-21T02:45:51.850", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 6.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-17T02:59:14.810", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN20246313/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000020", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006108.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN20246313/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2016/006108.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-06-29 17:55
Modified
2024-11-21 01:26
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "address book and user list functions."
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:6:*:*:*:*:*:*:*", matchCriteriaId: "840B6B7E-3894-42FE-9703-9F58E3E1C343", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:7:*:*:*:*:*:*:*", matchCriteriaId: "8AB4369A-919A-49BB-97B2-F5E21044FC4E", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:8:*:*:*:*:*:*:*", matchCriteriaId: "AA7ABA8C-6584-414A-A91A-2942F11A9EF6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the \"address book and user list functions.\"", }, { lang: "es", value: "Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Cybozu Office v6, v7, y v8 antes de v8.1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con \"funciones de la libreta de direcciones y la lista de usuarios\"", }, ], id: "CVE-2011-1335", lastModified: "2024-11-21T01:26:06.417", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2011-06-29T17:55:03.003", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Patch", "Vendor Advisory", ], url: "http://cs.cybozu.co.jp/information/20100816notice05.php", }, { source: "vultures@jpcert.or.jp", url: "http://jvn.jp/en/jp/JVN55508059/index.html", }, { source: "vultures@jpcert.or.jp", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000047", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/44992", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/45050", }, { source: "vultures@jpcert.or.jp", url: "http://www.osvdb.org/73320", }, { source: "vultures@jpcert.or.jp", url: "http://www.securityfocus.com/bid/48446", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://cs.cybozu.co.jp/information/20100816notice05.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://jvn.jp/en/jp/JVN55508059/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000047", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/44992", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/45050", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/73320", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/48446", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-17 02:59
Modified
2024-11-21 02:38
Severity ?
Summary
Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | office | 9.0 | |
| cybozu | office | 9.1.0 | |
| cybozu | office | 9.2.0 | |
| cybozu | office | 9.2.1 | |
| cybozu | office | 9.3.0 | |
| cybozu | office | 9.3.1 | |
| cybozu | office | 9.3.2 | |
| cybozu | office | 9.9.0 | |
| cybozu | office | 10.0.0 | |
| cybozu | office | 10.0.1 | |
| cybozu | office | 10.0.2 | |
| cybozu | office | 10.1.0 | |
| cybozu | office | 10.1.2 | |
| cybozu | office | 10.2.0 | |
| cybozu | office | 10.3.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*", matchCriteriaId: "B029709C-5ED7-4F29-8DA9-AFF9D678429F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D9AE0F63-8DD1-4F61-B772-E4F64197A73F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*", matchCriteriaId: "27E1F1BC-4FF8-4438-92C2-5094F18BAB27", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C71A2292-BEEF-4449-992C-B8535E0EF969", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E4B07F75-4F29-4241-9C5A-F723EAFCFC49", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7ADEDCD4-8794-42A3-961A-9CE562BF64CA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*", matchCriteriaId: "3CF1B981-0417-430F-9BB3-7292D297557E", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488.", }, { lang: "es", value: "Cybozu Office 9.0.0 hasta la versión 10.3 permite a atacantes remotos descubrir tokens CSRF a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-8488.", }, ], id: "CVE-2015-8487", lastModified: "2024-11-21T02:38:38.103", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-17T02:59:08.013", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN47296923/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000022", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006071.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN47296923/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000022", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2015/006071.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-18 08:15
Modified
2024-11-21 07:07
Severity ?
Summary
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "BDA660D9-05D1-42A5-90C0-8E1C2B92E1E5", versionEndIncluding: "10.8.5", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors.", }, { lang: "es", value: "Una vulnerabilidad de scripting en los parámetros específicos de Cybozu Office versiones 10.0.0 a 10.8.5, permite a atacantes remotos inyectar un script arbitrario por vectores no especificados.", }, ], id: "CVE-2022-33151", lastModified: "2024-11-21T07:07:36.380", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-18T08:15:07.960", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-06-29 17:55
Modified
2024-11-21 01:26
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the mail system."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | office | 6 | |
| cybozu | garoon | 2.0.0 | |
| cybozu | garoon | 2.0.1 | |
| cybozu | garoon | 2.0.2 | |
| cybozu | garoon | 2.0.3 | |
| cybozu | garoon | 2.0.4 | |
| cybozu | garoon | 2.0.5 | |
| cybozu | garoon | 2.0.6 | |
| cybozu | garoon | 2.1.0 | |
| cybozu | garoon | 2.1.1 | |
| cybozu | garoon | 2.1.2 | |
| cybozu | garoon | 2.1.3 | |
| cybozu | dezie | * | |
| cybozu | dezie | 1.0 | |
| cybozu | dezie | 2.0 | |
| cybozu | dezie | 3.0 | |
| cybozu | dezie | 4.0 | |
| cybozu | dezie | 5.0 | |
| cybozu | dezie | 5.1 | |
| cybozu | mailwise | * | |
| cybozu | mailwise | 1.0 | |
| cybozu | mailwise | 2.0 | |
| cybozu | mailwise | 2.1 | |
| cybozu | collaborex | * | |
| cybozu | collaborex | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:6:*:*:*:*:*:*:*", matchCriteriaId: "840B6B7E-3894-42FE-9703-9F58E3E1C343", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "1556F99E-1609-44FF-83F0-F43FBDE738A4", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:garoon:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "348C389E-ADFD-4D2C-AA54-220664EA2755", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:garoon:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "48F3F19B-25A7-4E9E-9961-1F7C8DBC0327", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:garoon:2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "08AE0E10-87A4-4862-A873-A943F44A9862", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:garoon:2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "C88D773E-B6DE-4FD2-A911-0D13C6CA902C", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:garoon:2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "C846A750-F26E-4F1F-85A3-F95BCC9F8A3E", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:garoon:2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "2E139B6A-2F36-4EB5-BA1F-84D67C89E935", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "6F585001-37C9-42F5-8B13-56827E6AC785", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "47FD3F43-9ECA-4815-8BDC-B9DAC07E9400", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1F5F2D43-8B67-4D84-94AF-262F6D66F2B9", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "277403E7-3CD9-458C-9669-FB983FF94568", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:dezie:*:*:*:*:*:*:*:*", matchCriteriaId: "A008D879-B6CC-4B4E-AC09-2EE95C766C97", versionEndIncluding: "6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:dezie:1.0:*:*:*:*:*:*:*", matchCriteriaId: "2AF84B9B-33F4-4AC2-BD73-75F534C2C44F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:dezie:2.0:*:*:*:*:*:*:*", matchCriteriaId: "215F885A-9E88-4A1A-9DC2-D3F0C49D5EEE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:dezie:3.0:*:*:*:*:*:*:*", matchCriteriaId: "485DBA87-EC8A-42B7-A733-75DCC80D582F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:dezie:4.0:*:*:*:*:*:*:*", matchCriteriaId: "8402C259-A94C-4565-8966-A7EBC6309D78", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:dezie:5.0:*:*:*:*:*:*:*", matchCriteriaId: "B8FB82E3-EA14-4A4A-949A-FCB0FDF53933", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:dezie:5.1:*:*:*:*:*:*:*", matchCriteriaId: "7E63153C-484C-408A-B147-BB25D93F3B19", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:mailwise:*:*:*:*:*:*:*:*", matchCriteriaId: "2B063F64-8A73-4D16-B6CB-FC832CAA91F2", versionEndIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:mailwise:1.0:*:*:*:*:*:*:*", matchCriteriaId: "51929894-F74C-4F8D-A12F-73CBA4FED396", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:mailwise:2.0:*:*:*:*:*:*:*", matchCriteriaId: "EE25F18D-2317-4646-A00A-D627E3BF3868", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:mailwise:2.1:*:*:*:*:*:*:*", matchCriteriaId: "6A28D9F5-6A27-42B5-8640-8560D68D930E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:collaborex:*:*:*:*:*:*:*:*", matchCriteriaId: "E1271BA9-9FD3-444C-B36F-68B4C0AA3189", versionEndIncluding: "1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:collaborex:1.0:*:*:*:*:*:*:*", matchCriteriaId: "A910D1FE-CBF2-4AF5-B322-A1B87E53D75F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"downloading graphic files from the mail system.\"", }, { lang: "es", value: "Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Cybozu Office v6, Cybozu Garoon v2.0.0 hasta v2.1.3, Cybozu Dezie antes de v6.1, Cybozu MailWise antes de v3.1, y Cybozu Collaborex antes de v1.5 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con \"la descarga de archivos gráficos desde el sistema de correo\".", }, ], id: "CVE-2011-1334", lastModified: "2024-11-21T01:26:06.300", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2011-06-29T17:55:02.877", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Patch", "Vendor Advisory", ], url: "http://cybozu.co.jp/products/dl/notice/detail/0019.html", }, { source: "vultures@jpcert.or.jp", url: "http://jvn.jp/en/jp/JVN54074460/index.html", }, { source: "vultures@jpcert.or.jp", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/45043", }, { source: "vultures@jpcert.or.jp", url: "http://www.osvdb.org/73317", }, { source: "vultures@jpcert.or.jp", url: "http://www.securityfocus.com/bid/48446", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://cybozu.co.jp/products/dl/notice/detail/0019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://jvn.jp/en/jp/JVN54074460/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/45043", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/73317", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/48446", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-17 15:59
Modified
2024-11-21 02:53
Severity ?
Summary
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN11288252/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000193.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/97719 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9434 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN11288252/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000193.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97719 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9434 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | office | 9.0 | |
| cybozu | office | 9.1.0 | |
| cybozu | office | 9.2.0 | |
| cybozu | office | 9.2.1 | |
| cybozu | office | 9.3.0 | |
| cybozu | office | 9.3.1 | |
| cybozu | office | 9.3.2 | |
| cybozu | office | 9.9.0 | |
| cybozu | office | 10.0.0 | |
| cybozu | office | 10.0.1 | |
| cybozu | office | 10.0.2 | |
| cybozu | office | 10.1.0 | |
| cybozu | office | 10.1.2 | |
| cybozu | office | 10.2.0 | |
| cybozu | office | 10.3.0 | |
| cybozu | office | 10.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*", matchCriteriaId: "B029709C-5ED7-4F29-8DA9-AFF9D678429F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D9AE0F63-8DD1-4F61-B772-E4F64197A73F", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*", matchCriteriaId: "27E1F1BC-4FF8-4438-92C2-5094F18BAB27", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C71A2292-BEEF-4449-992C-B8535E0EF969", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E4B07F75-4F29-4241-9C5A-F723EAFCFC49", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7ADEDCD4-8794-42A3-961A-9CE562BF64CA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*", matchCriteriaId: "3CF1B981-0417-430F-9BB3-7292D297557E", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", matchCriteriaId: "59BDE89C-C891-4517-877D-26B5E4D87E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F02CF334-548D-4B9B-8732-A85D97E003C5", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A968E493-5C74-45FB-BA4E-C21D66613480", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", matchCriteriaId: "664B383F-3C96-406C-B0B9-041F26F1F5A9", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:office:10.4.0:*:*:*:*:*:*:*", matchCriteriaId: "BBA465B8-3852-4630-B16C-120F77DB1F8C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a \"reflected file download\" attack.", }, { lang: "es", value: "Cybozu Office 9.0.0 en versiones hasta 10.4.0 permite a atacantes remotos provocar un ataque \"descarga del archivo reflejado\".", }, ], id: "CVE-2016-4874", lastModified: "2024-11-21T02:53:09.447", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-17T15:59:00.510", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN11288252/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000193.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97719", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9434", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN11288252/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000193.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97719", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.cybozu.com/ja-jp/article/9434", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-18 08:15
Modified
2024-11-21 07:06
Severity ?
Summary
HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "BDA660D9-05D1-42A5-90C0-8E1C2B92E1E5", versionEndIncluding: "10.8.5", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors.", }, { lang: "es", value: "Una vulnerabilidad de inyección de encabezado HTTP en Cybozu Office versiones 10.0.0 a 10.8.5, puede permitir a un atacante remoto obtener y/o alterar los datos del producto por medio de vectores no especificados.", }, ], id: "CVE-2022-32453", lastModified: "2024-11-21T07:06:22.840", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-18T08:15:07.823", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-12-26 16:15
Modified
2024-11-21 04:45
Severity ?
Summary
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN79854355/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36124 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN79854355/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36124 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "BED85713-9650-42DD-B4E4-D9AD3307A3A7", versionEndIncluding: "10.8.3", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function.", }, { lang: "es", value: "Una vulnerabilidad de salto de directorio en Cybozu Office versiones 10.0.0 hasta 10.8.3, permite a atacantes autenticados remotos alterar archivos arbitrarios por medio de la función \"Customapp\".", }, ], id: "CVE-2019-6022", lastModified: "2024-11-21T04:45:55.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-26T16:15:11.983", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN79854355/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvn.jp/en/jp/JVN79854355/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/article/36124", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-06-26 14:29
Modified
2024-11-21 03:38
Severity ?
Summary
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN51737843/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/10198 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN51737843/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/10198 | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "254D1013-6807-48A7-AC88-FB345FB27837", versionEndIncluding: "10.8.0", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors.", }, { lang: "es", value: "Cybozu Office, de la versión 10.0.0 a la 10.8.0, permite que los atacantes autenticados omitan las restricciones de acceso para acceder y escribir datos no públicos mediante vectores sin especificar.", }, ], id: "CVE-2018-0567", lastModified: "2024-11-21T03:38:29.647", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-26T14:29:00.740", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://support.cybozu.com/ja-jp/article/10198", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://jvn.jp/en/jp/JVN51737843/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.cybozu.com/ja-jp/article/10198", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-06-29 17:55
Modified
2024-11-21 01:26
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the bulletin board system."
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "1556F99E-1609-44FF-83F0-F43FBDE738A4", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:garoon:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "348C389E-ADFD-4D2C-AA54-220664EA2755", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:garoon:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "48F3F19B-25A7-4E9E-9961-1F7C8DBC0327", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:garoon:2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "08AE0E10-87A4-4862-A873-A943F44A9862", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:garoon:2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "C88D773E-B6DE-4FD2-A911-0D13C6CA902C", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:garoon:2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "C846A750-F26E-4F1F-85A3-F95BCC9F8A3E", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:garoon:2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "2E139B6A-2F36-4EB5-BA1F-84D67C89E935", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "6F585001-37C9-42F5-8B13-56827E6AC785", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "47FD3F43-9ECA-4815-8BDC-B9DAC07E9400", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1F5F2D43-8B67-4D84-94AF-262F6D66F2B9", vulnerable: true, }, { criteria: "cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "277403E7-3CD9-458C-9669-FB983FF94568", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:6:*:*:*:*:*:*:*", matchCriteriaId: "840B6B7E-3894-42FE-9703-9F58E3E1C343", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"downloading graphic files from the bulletin board system.\"", }, { lang: "es", value: "Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Cybozu Office v6 y Cybozu Garoon v2.0.0 hasta v2.1.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con \"la descarga de archivos gráficos desde el panel de sistema de boletines\"", }, ], id: "CVE-2011-1333", lastModified: "2024-11-21T01:26:06.180", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2011-06-29T17:55:02.817", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Patch", "Vendor Advisory", ], url: "http://cybozu.co.jp/products/dl/notice/detail/0019.html", }, { source: "vultures@jpcert.or.jp", url: "http://jvn.jp/en/jp/JVN80877328/index.html", }, { source: "vultures@jpcert.or.jp", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000045", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/45063", }, { source: "vultures@jpcert.or.jp", url: "http://www.osvdb.org/73327", }, { source: "vultures@jpcert.or.jp", url: "http://www.securityfocus.com/bid/48446", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://cybozu.co.jp/products/dl/notice/detail/0019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://jvn.jp/en/jp/JVN80877328/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000045", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/45063", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/73327", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/48446", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-06 05:15
Modified
2025-03-18 21:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN29845579/ | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/?product=office&v=&fv=10.8.7&t=%E8%84%86%E5%BC%B1%E6%80%A7&s= | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "CF84F6B3-FC38-411E-BFB7-046737172C24", versionEndExcluding: "10.8.7", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App.", }, { lang: "es", value: "Existe un problema de inserción de información confidencial en los datos enviados en Cybozu Office 10.0.0 a 10.8.6, lo que puede permitir que un usuario que puede iniciar sesión en el producto vea datos a los que el usuario no tiene acceso realizando una \"búsqueda\" bajo ciertas condiciones en Aplicación personalizada.", }, ], id: "CVE-2024-39817", lastModified: "2025-03-18T21:15:28.040", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-08-06T05:15:41.087", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN29845579/", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://kb.cybozu.support/?product=office&v=&fv=10.8.7&t=%E8%84%86%E5%BC%B1%E6%80%A7&s=", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-200", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-18 08:15
Modified
2024-11-21 06:59
Severity ?
Summary
Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007584.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN20573662/index.html | Third Party Advisory, VDB Entry |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*", matchCriteriaId: "BDA660D9-05D1-42A5-90C0-8E1C2B92E1E5", versionEndIncluding: "10.8.5", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors.", }, { lang: "es", value: "Una vulnerabilidad de omisión de la restricción de navegación en Custom Ap de Cybozu Office versiones 10.0.0 a 10.8.5, permite a un atacante remoto autenticado obtener los datos de Custom App por medio de vectores no especificados.", }, ], id: "CVE-2022-29891", lastModified: "2024-11-21T06:59:55.037", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-18T08:15:07.513", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cs.cybozu.co.jp/2022/007584.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN20573662/index.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
var-201404-0592
Vulnerability from variot
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. OpenSSL of heartbeat An information disclosure vulnerability exists in the implementation of the extension. TLS And DTLS In communication OpenSSL The memory contents of the process executing this code may be leaked to the communication partner.An important information such as a private key may be obtained by a remote third party. LibYAML is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly sanitize user-supplied input. Successful exploits allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions. Versions prior to LibYAML 0.1.6 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04267749
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04267749 Version: 3
HPSBMU03024 rev.3 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2014-04-30 Last Updated: 2014-06-06
Potential Security Impact: Remote disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP System Management Homepage (SMH) running on Linux and Windows and HP Systems Insight Manager (SIM), components of HP Insight Control server deployment.
Insight Control server deployment packages HP System Management Homepage (SMH) and HP Systems Insight Manager (SIM) and can deploy them through the below list of items. This bulletin will give you the information needed to update your HP Insight Control server deployment solution.
Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64
References: CVE-2014-0160 (SSRT101538)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided update v7.3.1 to HP Insight Control server deployment to resolve this vulnerability. HP has provided manual update steps if version upgrading is not possible.
Upgrade to HP Insight Control server deployment v7.3.1 (available at http://www.hp.com/go/insightupdates ) to remove the heartbleed vulnerability from Insight Control server deployment and its components.
Note: It is important to check your current running version of HP Insight Control server deployment, in order to follow the correct steps listed below.
If HP Insight Control server deployment cannot be upgraded to v7.3.1, then users of v7.1.2, v7.2.0, and v7.2.1 should take the following steps to remove this vulnerability. For HP Insight Control server deployment v7.2.2 users must upgrade to v7.3.1 to remove the vulnerability.
To address the vulnerability in an initial installation of HP Insight Control server deployment v7.1.2, v7.2.0, and v7.2.1, only follow steps 1 through Step 3 of the following procedure, before initiating an operating system deployment.
To address the vulnerability in a previous installation of HP Insight Control server deployment v7.1.2, v7.2.0, and v7.2.1 follow all steps in the following procedure.
Delete the smhamd64-.exe/smhx86-.exe" from Component Copy Location listed in the following table, row 1,2,3,4. Delete the affected hpsmh-7.*.rpm" from Component Copy Location listed in the following table, row 5. In sequence, perform the steps from left to right in the following table. First, download components from Download Link; Second, rename the component as suggested in Rename to. Third, copy the component to the location suggested in Component Copy Location. Table Row Number Download Link Rename to Component Copy Location
1 http://www.hp.com/swpublishing/MTX-d1488fd987894bc4ab3fe0ef52 smhx86-cp023242.exe \express\hpfeatures\hpagents-ws\components\Win2003
2 http://www.hp.com/swpublishing/MTX-4575754bbb614b58bf0ae1ac37 smhamd64-cp023243.exe \express\hpfeatures\hpagents-ws\components\Win2003
3 http://www.hp.com/swpublishing/MTX-37075daeead2433cb41b59ae76 smhamd64-cp023341.exe \express\hpfeatures\hpagents-ws\components\Win2008
4 http://www.hp.com/swpublishing/MTX-27e03b2f9cd24e77adc9dba94a smhx86-cp023340.exe \express\hpfeatures\hpagents-ws\components\Win2008
5 http://www.hp.com/swpublishing/MTX-bfd3c0fb11184796b9428ced37 Do not rename the downloaded component for this step. \express\hpfeatures\hpagents-sles11-x64\components \express\hpfeatures\hpagents-sles10-x64\components \express\hpfeatures\hpagents-rhel5-x64\components \express\hpfeatures\hpagents-rhel6-x64\components
Initiate Install HP Management Agents for SLES 11 x64 on targets running SLES11 x64. Initiate Install HP Management Agents for SLES 10 x64 on targets running SLES10 x64. Initiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL 6 x64. Initiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL 5 x64. Initiate Install HP Management Agents for Windows x86/x64 on targets running Windows. Refer to the System Management Homepage security bulletin HPSBMU02998 for steps to take after SMH is updated to a version that is not impacted by Heartbleed, such as changing SMH passwords, and revoking SMH certificates if imported into HP Systems Insight Manager (two-way trust feature).
If you have HP Systems Insight Manager versions v7.3 or v7.3.1 installed, refer to security bulletin HPSBMU03022
Related security bulletins:
For System Management Homepage please see Security bulletin HPSBMU02998 https ://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04 239372
For Systems Insight Manager please see Security bulletin HPSBMU03022 https:// h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04263 236
HISTORY Version:1 (rev.1) - 30 April 2014 Initial release Version:2 (rev.2) - 2 May 2014 Updated Resolution Table Row 3 and 4 link and name information Version:3 (rev.3) - 6 April 2014 Added option to upgrade to v7.3.1
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlOR3lEACgkQ4B86/C0qfVlZrgCdE3wSSfWQe3QkqfQiVW2yNdIt sYEAoIciZoT8/ObR6QkE8OXUt0aiwCtA =NR0f -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3
AirPort Base Station Firmware Update 7.7.3 is now available and addresses the following:
Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in a privileged network position may obtain memory contents Description: An out-of-bounds read issue existed in the OpenSSL library when handling TLS heartbeat extension packets. An attacker in a privileged network position could obtain information from process memory. This issue was addressed through additional bounds checking. Only AirPort Extreme and AirPort Time Capsule base stations with 802.11ac are affected, and only if they have Back to My Mac or Send Diagnostics enabled. Other AirPort base stations are not impacted by this issue. CVE-ID CVE-2014-0160 : Riku, Antti, and Matti of Codenomicon and Neel Mehta of Google Security
Installation note for Firmware version 7.7.3
Firmware version 7.7.3 is installed on AirPort Extreme or AirPort Time Capsule base stations with 802.11ac using AirPort Utility for Mac or iOS.
Use AirPort Utility 6.3.1 or later on OS X, or AirPort Utility 1.3.1 or later on iOS to upgrade to Firmware version 7.7.3.
AirPort Utility for Mac is a free download from http://www.apple.com/support/downloads/ and AirPort Utility for iOS is a free download from the App Store. This bulletin will be revised when the software updates are released.
Until the software updates are available, HP recommends restricting administrative access to the MSA on a secure and isolated private management network. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2015:062 http://www.mandriva.com/en/support/security/
Package : openssl Date : March 27, 2015 Affected: Business Server 2.0
Problem Description:
Multiple vulnerabilities has been discovered and corrected in openssl:
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (CVE-2010-5298).
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition (CVE-2014-0198).
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake (CVE-2014-0221).
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value (CVE-2014-3470).
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message (CVE-2014-3513).
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566).
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure (CVE-2014-3567).
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569).
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c (CVE-2014-3571).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205).
Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection (CVE-2015-0206).
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (CVE-2015-0209).
The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature (CVE-2015-0286).
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (CVE-2015-0287).
The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key (CVE-2015-0288).
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).
The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message (CVE-2015-0293).
The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt
Updated Packages:
Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS kz0ex6eI6hA6qSwklA2NoXY= =GYjX -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201404-07
http://security.gentoo.org/
Severity: Normal Title: OpenSSL: Information Disclosure Date: April 08, 2014 Bugs: #505278, #507074 ID: 201404-07
Synopsis
Multiple Information Disclosure vulnerabilities in OpenSSL allow remote attackers to obtain sensitive information via various vectors.
Background
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. * The Montgomery ladder implementation of OpenSSL improperly handles swap operations (CVE-2014-0076).
Impact
A remote attacker could exploit these issues to disclose information, including private keys or other sensitive information, or perform side-channel attacks to obtain ECDSA nonces.
Workaround
Disabling the tls-heartbeat USE flag (enabled by default) provides a workaround for the CVE-2014-0160 issue.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1g"
Note: All services using OpenSSL to provide TLS connections have to be restarted for the update to take effect. Utilities like app-admin/lib_users can aid in identifying programs using OpenSSL.
As private keys may have been compromised using the Heartbleed attack, it is recommended to regenerate them.
References
[ 1 ] CVE-2014-0076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0076 [ 2 ] CVE-2014-0160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0160 [ 3 ] Heartbleed bug website http://heartbleed.com/
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201404-07.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz: Upgraded. This update fixes two security issues: A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley agl@chromium.org and Bodo Moeller bmoeller@acm.org for preparing the fix. Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 ( Security fix ) patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz: Upgraded. +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1g-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1g-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1g-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1g-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1g-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1g-i486-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1g-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1g-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 packages: 5467a62ebfbe9a9bfff64dcc4cfcdf7d openssl-1.0.1g-i486-1_slack14.0.txz bdadd9920f2ce6fe4a0a7bd0d96f99df openssl-solibs-1.0.1g-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 11ede2992e2b5d15bd3ffc5807571350 openssl-1.0.1g-x86_64-1_slack14.0.txz 858ea6409aab45a67a880458ce48f923 openssl-solibs-1.0.1g-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 8638083d9768ffcc4b7c597806ca634c openssl-1.0.1g-i486-1_slack14.1.txz 4d9dfe9db9e1f286ead72fc60971807b openssl-solibs-1.0.1g-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: d85f8f451f71dd606f3adb59e582322a openssl-1.0.1g-x86_64-1_slack14.1.txz 43ff4bbfe26f99e7a3b9145146d191a0 openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz
Slackware -current packages: 265a66855320207d4a7567ac5ae9a747 a/openssl-solibs-1.0.1g-i486-1.txz bf07a4b17f1c78a4081e2cfb711b8748 n/openssl-1.0.1g-i486-1.txz
Slackware x86_64 -current packages: 27e5135d764bd87bdb784b288e416b22 a/openssl-solibs-1.0.1g-x86_64-1.txz 5ef747eed99ac34102b34d8d0eaed3a8 n/openssl-1.0.1g-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1g-i486-1_slack14.1.txz openssl-solibs-1.0.1g-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. There are no workarounds that mitigate these vulnerabilities. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software.
References: CVE-2014-0160 (SSRT101499)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Each bulletin will include a patch and/or mitigation guideline.
Note: OpenSSL is an external product embedded in HP products.
Bulletin Applicability:
This bulletin applies to each OpenSSL component that is embedded within the HP products listed in the security bulletin. The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide.
To learn more about HP Software Incident Response, please visit http://www8.h p.com/us/en/software-solutions/enterprise-software-security-center/response-c enter.html .
Software updates are available from HP Software Support Online at http://support.openview.hp.com/downloads.jsp
HISTORY Version:1 (rev.1) - 11 April 2014 Initial release Version:2 (rev.2) - 13 April 2014 Added HP UCMDB Configuration Manager as impacted, updated HP UCMDB Browser impacted versions Version:3 (rev.3) - 17 April 2014 Added HP Software Autonomy WorkSite Server as impacted
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0592", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "mivoice", scope: "eq", trust: 1, vendor: "mitel", version: "1.4.0.102", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "8.0", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "13.10", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "6.0", }, { model: "micollab", scope: "eq", trust: 1, vendor: "mitel", version: "6.0", }, { model: "gluster storage", scope: "eq", trust: 1, vendor: "redhat", version: "2.1", }, { model: "mivoice", scope: "eq", trust: 1, vendor: "mitel", version: "1.3.2.2", }, { model: "symantec messaging gateway", scope: "eq", trust: 1, vendor: "broadcom", version: "10.6.1", }, { model: "mivoice", scope: "eq", trust: 1, vendor: "mitel", version: "1.2.0.11", }, { model: "micollab", scope: "eq", trust: 1, vendor: "mitel", version: "7.2", }, { model: "cp 1543-1", scope: "eq", trust: 1, vendor: "siemens", version: "1.1", }, { model: "openssl", scope: "gte", trust: 1, vendor: "openssl", version: "1.0.1", }, { model: "v100", scope: "eq", trust: 1, vendor: "intellian", version: "1.20", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "19", }, { model: "s9922l", scope: "eq", trust: 1, vendor: "ricon", version: "16.10.3\\(3794\\)", }, { model: "micollab", scope: "eq", trust: 1, vendor: "mitel", version: "7.3.0.104", }, { model: "v100", scope: "eq", trust: 1, vendor: "intellian", version: "1.21", }, { model: "micollab", scope: "eq", trust: 1, vendor: "mitel", version: "7.3", }, { model: "micollab", scope: "eq", trust: 1, vendor: "mitel", version: "7.1", }, { model: "opensuse", scope: "eq", trust: 1, vendor: "opensuse", version: "12.3", }, { model: "elan-8.2", scope: "lt", trust: 1, vendor: "siemens", version: "8.3.3", }, { model: "opensuse", scope: "eq", trust: 1, vendor: "opensuse", version: "13.1", }, { model: "mivoice", scope: "eq", trust: 1, vendor: "mitel", version: "1.1.3.3", }, { model: "symantec messaging gateway", scope: "eq", trust: 1, vendor: "broadcom", version: "10.6.0", }, { model: "splunk", scope: "lt", trust: 1, vendor: "splunk", version: "6.0.3", }, { model: "wincc open architecture", scope: "eq", trust: 1, vendor: "siemens", version: "3.12", }, { model: "enterprise linux server aus", scope: "eq", trust: 1, vendor: "redhat", version: "6.5", }, { model: "micollab", scope: "eq", trust: 1, vendor: "mitel", version: "7.0", }, { model: "enterprise linux server tus", scope: "eq", trust: 1, vendor: "redhat", version: "6.5", }, { model: "enterprise linux server eus", scope: "eq", trust: 1, vendor: "redhat", version: "6.5", }, { model: "application processing engine", scope: "eq", trust: 1, vendor: "siemens", version: "2.0", }, { model: "enterprise linux workstation", scope: "eq", trust: 1, vendor: "redhat", version: "6.0", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "20", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "7.0", }, { model: "enterprise linux server", scope: "eq", trust: 1, vendor: "redhat", version: "6.0", }, { model: "mivoice", scope: "eq", trust: 1, vendor: "mitel", version: "1.1.2.5", }, { model: "openssl", scope: "lt", trust: 1, vendor: "openssl", version: "1.0.1g", }, { model: "simatic s7-1500", scope: "eq", trust: 1, vendor: "siemens", version: "1.5", }, { model: "v100", scope: "eq", trust: 1, vendor: "intellian", version: "1.24", }, { model: "simatic s7-1500t", scope: "eq", trust: 1, vendor: "siemens", version: "1.5", }, { model: "enterprise linux desktop", scope: "eq", trust: 1, vendor: "redhat", version: "6.0", }, { model: "virtualization", scope: "eq", trust: 1, vendor: "redhat", version: "6.0", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "12.10", }, { model: "splunk", scope: "gte", trust: 1, vendor: "splunk", version: "6.0.0", }, { model: "v60", scope: "eq", trust: 1, vendor: "intellian", version: "1.15", }, { model: "storage", scope: "eq", trust: 1, vendor: "redhat", version: "2.1", }, { model: "server", scope: "lt", trust: 1, vendor: "filezilla", version: "0.9.44", }, { model: "v60", scope: "eq", trust: 1, vendor: "intellian", version: "1.25", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "12.04", }, { model: "freebsd", scope: "eq", trust: 0.8, vendor: "freebsd", version: "10.0", }, { model: "openssl", scope: "lte", trust: 0.8, vendor: "openssl", version: "1.0.1 from 1.0.1f", }, { model: "asianux server", scope: "eq", trust: 0.8, vendor: "cybertrust", version: "4 for x86", }, { model: "asianux server", scope: "eq", trust: 0.8, vendor: "cybertrust", version: "4 for x86_64", }, { model: "office", scope: "lt", trust: 0.8, vendor: "cybozu", version: "10.1.0", }, { model: "mailwise", scope: "lt", trust: 0.8, vendor: "cybozu", version: "5.1.4", }, { model: "hp tippingpoint", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "ngfw 1.0.1", }, { model: "hp tippingpoint", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "ngfw 1.0.2", }, { model: "hp tippingpoint", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "ngfw 1.0.3", }, { model: "hp tippingpoint", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "ngfw 1.1.0_4127", }, { model: "puppet enterprise", scope: "eq", trust: 0.3, vendor: "puppetlabs", version: "3.1.3", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9.3", }, { model: "puppet enterprise", scope: "eq", trust: 0.3, vendor: "puppetlabs", version: "3.2", }, { model: "libyaml", scope: "ne", trust: 0.3, vendor: "pyyaml", version: "0.1.6", }, { model: "puppet enterprise", scope: "ne", trust: 0.3, vendor: "puppetlabs", version: "3.2.2", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1", }, { model: "chef", scope: "ne", trust: 0.3, vendor: "opscode", version: "1.4.9", }, { model: "puppet enterprise", scope: "eq", trust: 0.3, vendor: "puppetlabs", version: "2.8.0", }, { model: "chef", scope: "eq", trust: 0.3, vendor: "opscode", version: "1.4.8", }, { model: "puppet enterprise", scope: "eq", trust: 0.3, vendor: "puppetlabs", version: "2.5.2", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "13.10", }, { model: "puppet enterprise", scope: "ne", trust: 0.3, vendor: "puppetlabs", version: "2.8.6", }, { model: "patterson psych", scope: "ne", trust: 0.3, vendor: "aaron", version: "2.0.5", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "14.1", }, { model: "puppet enterprise", scope: "eq", trust: 0.3, vendor: "puppetlabs", version: "2.7.2", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "common for rhel server", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "libyaml", scope: "eq", trust: 0.3, vendor: "pyyaml", version: "0.1.3", }, { model: "linux s/390", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9.2", }, { model: "linux ia-64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "openstack", scope: "eq", trust: 0.3, vendor: "redhat", version: "4.0", }, { model: "libyaml", scope: "eq", trust: 0.3, vendor: "pyyaml", version: "0.1.1", }, { model: "linux i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.10", }, { model: "puppet enterprise", scope: "eq", trust: 0.3, vendor: "puppetlabs", version: "2.0", }, { model: "linux", scope: null, trust: 0.3, vendor: "gentoo", version: null, }, { model: "linux lts i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "puppet enterprise", scope: "eq", trust: 0.3, vendor: "puppetlabs", version: "3.0", }, { model: "patterson psych", scope: "eq", trust: 0.3, vendor: "aaron", version: "2.0.4", }, { model: "puppet enterprise", scope: "eq", trust: 0.3, vendor: "puppetlabs", version: "2.0.2", }, { model: "puppet enterprise", scope: "eq", trust: 0.3, vendor: "puppetlabs", version: "3.0.1", }, { model: "chef", scope: "ne", trust: 0.3, vendor: "opscode", version: "11.1.3", }, { model: "puppet enterprise", scope: "eq", trust: 0.3, vendor: "puppetlabs", version: "3.1.2", }, { model: "enterprise server", scope: "eq", trust: 0.3, vendor: "mandrakesoft", version: "5", }, { model: "puppet enterprise", scope: "eq", trust: 0.3, vendor: "puppetlabs", version: "2.5.1", }, { model: "libyaml", scope: "eq", trust: 0.3, vendor: "pyyaml", version: "0.1.2", }, { model: "libyaml", scope: "eq", trust: 0.3, vendor: "pyyaml", version: "0.0.1", }, { model: "puppet enterprise", scope: "eq", trust: 0.3, vendor: "puppetlabs", version: "2.0.3", }, { model: "puppet enterprise", scope: "eq", trust: 0.3, vendor: "puppetlabs", version: "3.1.1", }, { model: "puppet enterprise", scope: "eq", trust: 0.3, vendor: "puppetlabs", version: "2.7.1", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.1", }, { model: "puppet enterprise", scope: "eq", trust: 0.3, vendor: "puppetlabs", version: "2.8.4", }, { model: "enterprise server x86 64", scope: "eq", trust: 0.3, vendor: "mandrakesoft", version: "5", }, { model: "chef", scope: "eq", trust: 0.3, vendor: "opscode", version: "11.1.2", }, { model: "linux lts amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9", }, { model: "mac os", scope: "ne", trust: 0.3, vendor: "apple", version: "x10.9.5", }, { model: "puppet enterprise", scope: "eq", trust: 0.3, vendor: "puppetlabs", version: "3.1", }, { model: "puppet enterprise", scope: "eq", trust: 0.3, vendor: "puppetlabs", version: "2.6", }, { model: "puppet enterprise", scope: "eq", trust: 0.3, vendor: "puppetlabs", version: "2.7", }, { model: "openstack", scope: "eq", trust: 0.3, vendor: "redhat", version: "3.0", }, { model: "libyaml", scope: "eq", trust: 0.3, vendor: "pyyaml", version: "0.1.4", }, { model: "puppet enterprise", scope: "eq", trust: 0.3, vendor: "puppetlabs", version: "2.8.3", }, { model: "puppet enterprise", scope: "eq", trust: 0.3, vendor: "puppetlabs", version: "2.6.1", }, { model: "chef", scope: "ne", trust: 0.3, vendor: "opscode", version: "11.0.12", }, { model: "linux ia-32", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.37", }, { model: "software collections for rhel", scope: "eq", trust: 0.3, vendor: "redhat", version: "160", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1x8664", }, { model: "linux mips", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "puppet enterprise", scope: "eq", trust: 0.3, vendor: "puppetlabs", version: "2.0.1", }, { model: "libyaml", scope: "eq", trust: 0.3, vendor: "pyyaml", version: "0.1.5", }, { model: "chef", scope: "eq", trust: 0.3, vendor: "opscode", version: "11.0.11", }, { model: "centos", scope: "eq", trust: 0.3, vendor: "centos", version: "0", }, { model: "puppet enterprise", scope: "eq", trust: 0.3, vendor: "puppetlabs", version: "2.8.2", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.10", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "14.0", }, ], sources: [ { db: "BID", id: "66478", }, { db: "JVNDB", id: "JVNDB-2014-001920", }, { db: "NVD", id: "CVE-2014-0160", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1g", versionStartIncluding: "1.0.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "0.9.44", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:application_processing_engine_firmware:2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:application_processing_engine:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cp_1543-1_firmware:1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cp_1543-1:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_s7-1500_firmware:1.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_s7-1500t_firmware:1.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_s7-1500t:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:elan-8.2:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.3.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:wincc_open_architecture:3.12:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intellian:v100_firmware:1.20:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:intellian:v100_firmware:1.21:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:intellian:v100_firmware:1.24:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intellian:v100:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intellian:v60_firmware:1.15:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:intellian:v60_firmware:1.25:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intellian:v60:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:mitel:micollab:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mitel:micollab:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mitel:micollab:7.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mitel:micollab:7.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mitel:micollab:7.3.0.104:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mitel:micollab:7.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mitel:mivoice:1.1.3.3:*:*:*:*:skype_for_business:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mitel:mivoice:1.2.0.11:*:*:*:*:skype_for_business:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mitel:mivoice:1.3.2.2:*:*:*:*:skype_for_business:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mitel:mivoice:1.4.0.102:*:*:*:*:skype_for_business:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mitel:mivoice:1.1.2.5:*:*:*:*:lync:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:gluster_storage:2.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:ricon:s9922l_firmware:16.10.3\\(3794\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:ricon:s9922l:1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2014-0160", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "HP", sources: [ { db: "PACKETSTORM", id: "126993", }, { db: "PACKETSTORM", id: "126785", }, { db: "PACKETSTORM", id: "126161", }, { db: "PACKETSTORM", id: "126458", }, { db: "PACKETSTORM", id: "126203", }, { db: "PACKETSTORM", id: "126450", }, { db: "PACKETSTORM", id: "126236", }, ], trust: 0.7, }, cve: "CVE-2014-0160", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "IPA", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2014-001920", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULMON", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2014-0160", impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "MEDIUM", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, ], severity: [ { author: "NVD", id: "CVE-2014-0160", trust: 1, value: "HIGH", }, { author: "IPA", id: "JVNDB-2014-001920", trust: 0.8, value: "Medium", }, { author: "VULMON", id: "CVE-2014-0160", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2014-0160", }, { db: "JVNDB", id: "JVNDB-2014-001920", }, { db: "NVD", id: "CVE-2014-0160", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. OpenSSL of heartbeat An information disclosure vulnerability exists in the implementation of the extension. TLS And DTLS In communication OpenSSL The memory contents of the process executing this code may be leaked to the communication partner.An important information such as a private key may be obtained by a remote third party. LibYAML is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly sanitize user-supplied input. \nSuccessful exploits allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions. \nVersions prior to LibYAML 0.1.6 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04267749\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04267749\nVersion: 3\n\nHPSBMU03024 rev.3 - HP Insight Control Server Deployment on Linux and Windows\nrunning OpenSSL with System Management Homepage and Systems Insight Manager,\nRemote Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-04-30\nLast Updated: 2014-06-06\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP System\nManagement Homepage (SMH) running on Linux and Windows and HP Systems Insight\nManager (SIM), components of HP Insight Control server deployment. \n\nInsight Control server deployment packages HP System Management Homepage\n(SMH) and HP Systems Insight Manager (SIM) and can deploy them through the\nbelow list of items. This bulletin will give you the information needed to\nupdate your HP Insight Control server deployment solution. \n\nInstall HP Management Agents for Windows x86/x64\nInstall HP Management Agents for RHEL 5 x64\nInstall HP Management Agents for RHEL 6 x64\nInstall HP Management Agents for SLES 10 x64\nInstall HP Management Agents for SLES 11 x64\n\nReferences: CVE-2014-0160 (SSRT101538)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided update v7.3.1 to HP Insight Control server deployment to\nresolve this vulnerability. HP has provided manual update steps if version\nupgrading is not possible. \n\nUpgrade to HP Insight Control server deployment v7.3.1 (available at\nhttp://www.hp.com/go/insightupdates ) to remove the heartbleed vulnerability\nfrom Insight Control server deployment and its components. \n\nNote: It is important to check your current running version of HP Insight\nControl server deployment, in order to follow the correct steps listed below. \n\nIf HP Insight Control server deployment cannot be upgraded to v7.3.1, then\nusers of v7.1.2, v7.2.0, and v7.2.1 should take the following steps to remove\nthis vulnerability. For HP Insight Control server deployment v7.2.2 users\nmust upgrade to v7.3.1 to remove the vulnerability. \n\nTo address the vulnerability in an initial installation of HP Insight Control\nserver deployment v7.1.2, v7.2.0, and v7.2.1, only follow steps 1 through\nStep 3 of the following procedure, before initiating an operating system\ndeployment. \n\nTo address the vulnerability in a previous installation of HP Insight Control\nserver deployment v7.1.2, v7.2.0, and v7.2.1 follow all steps in the\nfollowing procedure. \n\nDelete the smhamd64-*.exe/smhx86-*.exe\" from Component Copy Location listed\nin the following table, row 1,2,3,4. \nDelete the affected hpsmh-7.*.rpm\" from Component Copy Location listed in the\nfollowing table, row 5. \nIn sequence, perform the steps from left to right in the following table. \nFirst, download components from Download Link; Second, rename the component\nas suggested in Rename to. Third, copy the component to the location\nsuggested in Component Copy Location. \nTable Row Number\n Download Link\n Rename to\n Component Copy Location\n\n1\n http://www.hp.com/swpublishing/MTX-d1488fd987894bc4ab3fe0ef52\n smhx86-cp023242.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2003\n\n2\n http://www.hp.com/swpublishing/MTX-4575754bbb614b58bf0ae1ac37\n smhamd64-cp023243.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2003\n\n3\n http://www.hp.com/swpublishing/MTX-37075daeead2433cb41b59ae76\n smhamd64-cp023341.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n4\n http://www.hp.com/swpublishing/MTX-27e03b2f9cd24e77adc9dba94a\n smhx86-cp023340.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n5\n http://www.hp.com/swpublishing/MTX-bfd3c0fb11184796b9428ced37\n Do not rename the downloaded component for this step. \n \\\\express\\hpfeatures\\hpagents-sles11-x64\\components\n\\\\express\\hpfeatures\\hpagents-sles10-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel5-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel6-x64\\components\n\nInitiate Install HP Management Agents for SLES 11 x64 on targets running\nSLES11 x64. \nInitiate Install HP Management Agents for SLES 10 x64 on targets running\nSLES10 x64. \nInitiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL\n6 x64. \nInitiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL\n5 x64. \nInitiate Install HP Management Agents for Windows x86/x64 on targets running\nWindows. \nRefer to the System Management Homepage security bulletin HPSBMU02998 for\nsteps to take after SMH is updated to a version that is not impacted by\nHeartbleed, such as changing SMH passwords, and revoking SMH certificates if\nimported into HP Systems Insight Manager (two-way trust feature). \n\nIf you have HP Systems Insight Manager versions v7.3 or v7.3.1 installed,\nrefer to security bulletin HPSBMU03022\n\nRelated security bulletins:\n\nFor System Management Homepage please see Security bulletin HPSBMU02998 https\n://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04\n239372\n\nFor Systems Insight Manager please see Security bulletin HPSBMU03022 https://\nh20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04263\n236\n\nHISTORY\nVersion:1 (rev.1) - 30 April 2014 Initial release\nVersion:2 (rev.2) - 2 May 2014 Updated Resolution Table Row 3 and 4 link and\nname information\nVersion:3 (rev.3) - 6 April 2014 Added option to upgrade to v7.3.1\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer's patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlOR3lEACgkQ4B86/C0qfVlZrgCdE3wSSfWQe3QkqfQiVW2yNdIt\nsYEAoIciZoT8/ObR6QkE8OXUt0aiwCtA\n=NR0f\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3\n\nAirPort Base Station Firmware Update 7.7.3 is now available and\naddresses the following:\n\nAvailable for:\nAirPort Extreme and AirPort Time Capsule base stations with 802.11ac\nImpact: An attacker in a privileged network position may obtain\nmemory contents\nDescription: An out-of-bounds read issue existed in the OpenSSL\nlibrary when handling TLS heartbeat extension packets. An attacker in\na privileged network position could obtain information from process\nmemory. This issue was addressed through additional bounds checking. \nOnly AirPort Extreme and AirPort Time Capsule base stations with\n802.11ac are affected, and only if they have Back to My Mac or Send\nDiagnostics enabled. Other AirPort base stations are not impacted by\nthis issue. \nCVE-ID\nCVE-2014-0160 : Riku, Antti, and Matti of Codenomicon and Neel Mehta\nof Google Security\n\n\nInstallation note for Firmware version 7.7.3\n\nFirmware version 7.7.3 is installed on AirPort Extreme or AirPort\nTime Capsule base stations with 802.11ac using AirPort Utility for\nMac or iOS. \n\nUse AirPort Utility 6.3.1 or later on OS X, or AirPort Utility 1.3.1\nor later on iOS to upgrade to Firmware version 7.7.3. \n\nAirPort Utility for Mac is a free download from\nhttp://www.apple.com/support/downloads/ and AirPort Utility for iOS\nis a free download from the App Store. This bulletin will be revised when the\nsoftware updates are released. \n\nUntil the software updates are available, HP recommends restricting\nadministrative access to the MSA on a secure and isolated private management\nnetwork. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2015:062\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : openssl\n Date : March 27, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been discovered and corrected in openssl:\n \n Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL\n through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows\n remote attackers to inject data across sessions or cause a denial of\n service (use-after-free and parsing error) via an SSL connection in\n a multithreaded environment (CVE-2010-5298). \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g,\n when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a\n buffer pointer during certain recursive calls, which allows remote\n attackers to cause a denial of service (NULL pointer dereference\n and application crash) via vectors that trigger an alert condition\n (CVE-2014-0198). \n \n The dtls1_get_message_fragment function in d1_both.c in OpenSSL before\n 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote\n attackers to cause a denial of service (recursion and client crash)\n via a DTLS hello message in an invalid DTLS handshake (CVE-2014-0221). \n \n The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL\n before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when\n an anonymous ECDH cipher suite is used, allows remote attackers to\n cause a denial of service (NULL pointer dereference and client crash)\n by triggering a NULL certificate value (CVE-2014-3470). \n \n Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1\n before 1.0.1j allows remote attackers to cause a denial of service\n (memory consumption) via a crafted handshake message (CVE-2014-3513). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). \n \n Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL\n before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows\n remote attackers to cause a denial of service (memory consumption)\n via a crafted session ticket that triggers an integrity-check failure\n (CVE-2014-3567). \n \n The ssl23_get_client_hello function in s23_srvr.c in OpenSSL\n 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to\n use unsupported protocols, which allows remote attackers to cause a\n denial of service (NULL pointer dereference and daemon crash) via\n an unexpected handshake, as demonstrated by an SSLv3 handshake to\n a no-ssl3 application with certain error handling. NOTE: this issue\n became relevant after the CVE-2014-3568 fix (CVE-2014-3569). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n allows remote attackers to cause a denial of service (NULL pointer\n dereference and application crash) via a crafted DTLS message that\n is processed with a different read operation for the handshake header\n than for the handshake body, related to the dtls1_get_record function\n in d1_pkt.c and the ssl3_read_n function in s3_pkt.c (CVE-2014-3571). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate's unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before\n 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a\n Diffie-Hellman (DH) certificate without requiring a CertificateVerify\n message, which allows remote attackers to obtain access without\n knowledge of a private key via crafted TLS Handshake Protocol traffic\n to a server that recognizes a Certification Authority with DH support\n (CVE-2015-0205). \n \n Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL\n 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers\n to cause a denial of service (memory consumption) by sending many\n duplicate records for the next epoch, leading to failure of replay\n detection (CVE-2015-0206). \n \n Use-after-free vulnerability in the d2i_ECPrivateKey function in\n crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r,\n 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote\n attackers to cause a denial of service (memory corruption and\n application crash) or possibly have unspecified other impact via a\n malformed Elliptic Curve (EC) private-key file that is improperly\n handled during import (CVE-2015-0209). \n \n The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before\n 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before\n 1.0.2a does not properly perform boolean-type comparisons, which allows\n remote attackers to cause a denial of service (invalid read operation\n and application crash) via a crafted X.509 certificate to an endpoint\n that uses the certificate-verification feature (CVE-2015-0286). \n \n The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL\n before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2\n before 1.0.2a does not reinitialize CHOICE and ADB data structures,\n which might allow attackers to cause a denial of service (invalid\n write operation and memory corruption) by leveraging an application\n that relies on ASN.1 structure reuse (CVE-2015-0287). \n \n The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL\n before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2\n before 1.0.2a might allow attackers to cause a denial of service\n (NULL pointer dereference and application crash) via an invalid\n certificate key (CVE-2015-0288). \n \n The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not\n properly handle a lack of outer ContentInfo, which allows attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) by leveraging an application that processes arbitrary PKCS#7\n data and providing malformed data with ASN.1 encoding, related to\n crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). \n \n The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote\n attackers to cause a denial of service (s2_lib.c assertion failure and\n daemon exit) via a crafted CLIENT-MASTER-KEY message (CVE-2015-0293). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n <security*mandriva.com>\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS\nkz0ex6eI6hA6qSwklA2NoXY=\n=GYjX\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201404-07\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Information Disclosure\n Date: April 08, 2014\n Bugs: #505278, #507074\n ID: 201404-07\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple Information Disclosure vulnerabilities in OpenSSL allow remote\nattackers to obtain sensitive information via various vectors. \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general\npurpose cryptography library. \n* The Montgomery ladder implementation of OpenSSL improperly handles\n swap operations (CVE-2014-0076). \n\nImpact\n======\n\nA remote attacker could exploit these issues to disclose information,\nincluding private keys or other sensitive information, or perform\nside-channel attacks to obtain ECDSA nonces. \n\nWorkaround\n==========\n\nDisabling the tls-heartbeat USE flag (enabled by default) provides a\nworkaround for the CVE-2014-0160 issue. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-1.0.1g\"\n\nNote: All services using OpenSSL to provide TLS connections have to be\nrestarted for the update to take effect. Utilities like\napp-admin/lib_users can aid in identifying programs using OpenSSL. \n\nAs private keys may have been compromised using the Heartbleed attack,\nit is recommended to regenerate them. \n\nReferences\n==========\n\n[ 1 ] CVE-2014-0076\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0076\n[ 2 ] CVE-2014-0160\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0160\n[ 3 ] Heartbleed bug website\n http://heartbleed.com/\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201404-07.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1g-i486-1_slack14.1.txz: Upgraded. \n This update fixes two security issues:\n A missing bounds check in the handling of the TLS heartbeat extension\n can be used to reveal up to 64k of memory to a connected client or server. \n Thanks for Neel Mehta of Google Security for discovering this bug and to\n Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for\n preparing the fix. \n Fix for the attack described in the paper \"Recovering OpenSSL\n ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack\"\n by Yuval Yarom and Naomi Benger. Details can be obtained from:\n http://eprint.iacr.org/2014/140\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz: Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1g-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1g-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1g-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1g-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1g-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1g-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1g-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1g-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 packages:\n5467a62ebfbe9a9bfff64dcc4cfcdf7d openssl-1.0.1g-i486-1_slack14.0.txz\nbdadd9920f2ce6fe4a0a7bd0d96f99df openssl-solibs-1.0.1g-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n11ede2992e2b5d15bd3ffc5807571350 openssl-1.0.1g-x86_64-1_slack14.0.txz\n858ea6409aab45a67a880458ce48f923 openssl-solibs-1.0.1g-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n8638083d9768ffcc4b7c597806ca634c openssl-1.0.1g-i486-1_slack14.1.txz\n4d9dfe9db9e1f286ead72fc60971807b openssl-solibs-1.0.1g-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nd85f8f451f71dd606f3adb59e582322a openssl-1.0.1g-x86_64-1_slack14.1.txz\n43ff4bbfe26f99e7a3b9145146d191a0 openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n265a66855320207d4a7567ac5ae9a747 a/openssl-solibs-1.0.1g-i486-1.txz\nbf07a4b17f1c78a4081e2cfb711b8748 n/openssl-1.0.1g-i486-1.txz\n\nSlackware x86_64 -current packages:\n27e5135d764bd87bdb784b288e416b22 a/openssl-solibs-1.0.1g-x86_64-1.txz\n5ef747eed99ac34102b34d8d0eaed3a8 n/openssl-1.0.1g-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1g-i486-1_slack14.1.txz openssl-solibs-1.0.1g-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. \nThere are no workarounds that mitigate these vulnerabilities. \nOpenSSL is a 3rd party product that is embedded with some of HP Software\nproducts. This bulletin objective is to notify HP Software customers about\nproducts affected by the Heartbleed vulnerability. This weakness\npotentially allows disclosure of information protected, under normal\nconditions, by the SSL/TLS protocol. The impacted products appear in the list\nbelow are vulnerable due to embedding OpenSSL standard release software. \n\nReferences: CVE-2014-0160 (SSRT101499)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Each bulletin will include a patch and/or mitigation\nguideline. \n\nNote: OpenSSL is an external product embedded in HP products. \n\nBulletin Applicability:\n\nThis bulletin applies to each OpenSSL component that is embedded within the\nHP products listed in the security bulletin. The bulletin does not apply to\nany other 3rd party application (e.g. operating system, web server, or\napplication server) that may be required to be installed by the customer\naccording instructions in the product install guide. \n\nTo learn more about HP Software Incident Response, please visit http://www8.h\np.com/us/en/software-solutions/enterprise-software-security-center/response-c\nenter.html . \n\nSoftware updates are available from HP Software Support Online at\nhttp://support.openview.hp.com/downloads.jsp\n\nHISTORY\nVersion:1 (rev.1) - 11 April 2014 Initial release\nVersion:2 (rev.2) - 13 April 2014 Added HP UCMDB Configuration Manager as\nimpacted, updated HP UCMDB Browser impacted versions\nVersion:3 (rev.3) - 17 April 2014 Added HP Software Autonomy WorkSite Server\nas impacted", sources: [ { db: "NVD", id: "CVE-2014-0160", }, { db: "JVNDB", id: "JVNDB-2014-001920", }, { db: "BID", id: "66478", }, { db: "VULMON", id: "CVE-2014-0160", }, { db: "PACKETSTORM", id: "126993", }, { db: "PACKETSTORM", id: "126785", }, { db: "PACKETSTORM", id: "126161", }, { db: "PACKETSTORM", id: "126285", }, { db: "PACKETSTORM", id: "126458", }, { db: "PACKETSTORM", id: "126203", }, { db: "PACKETSTORM", id: "126450", }, { db: "PACKETSTORM", id: "131044", }, { db: "PACKETSTORM", id: "126056", }, { db: "PACKETSTORM", id: "126086", }, { db: "PACKETSTORM", id: "126420", }, { db: "PACKETSTORM", id: "126236", }, ], trust: 3.06, }, exploit_availability: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { reference: "https://vulmon.com/exploitdetails?qidtp=exploitdb&qid=32745", trust: 0.4, type: "exploit", }, ], sources: [ { db: "VULMON", id: "CVE-2014-0160", }, ], }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2014-0160", trust: 3.4, }, { db: "USCERT", id: "TA14-098A", trust: 1.9, }, { db: "CERT/CC", id: "VU#720951", trust: 1.9, }, { db: "SECUNIA", id: "57721", trust: 1.1, }, { db: "SECUNIA", id: "59243", trust: 1.1, }, { db: "SECUNIA", id: "57836", trust: 1.1, }, { db: "SECUNIA", id: "57968", trust: 1.1, }, { db: "SECUNIA", id: "59347", trust: 1.1, }, { db: "SECUNIA", id: "57966", trust: 1.1, }, { db: "SECUNIA", id: "57483", trust: 1.1, }, { db: "SECUNIA", id: "57347", trust: 1.1, }, { db: "SECUNIA", id: "59139", trust: 1.1, }, { db: "SECTRACK", id: "1030079", trust: 1.1, }, { db: "SECTRACK", id: "1030074", trust: 1.1, }, { db: "SECTRACK", id: "1030081", trust: 1.1, }, { db: "SECTRACK", id: "1030080", trust: 1.1, }, { db: "SECTRACK", id: "1030026", trust: 1.1, }, { db: "SECTRACK", id: "1030077", trust: 1.1, }, { db: "SECTRACK", id: "1030082", trust: 1.1, }, { db: "SECTRACK", id: "1030078", trust: 1.1, }, { db: "BID", id: "66690", trust: 1.1, }, { db: "EXPLOIT-DB", id: "32745", trust: 1.1, }, { db: "EXPLOIT-DB", id: "32764", trust: 1.1, }, { db: "SIEMENS", id: "SSA-635659", trust: 1.1, }, { db: "ICS CERT", id: "ICSA-14-135-02", trust: 0.9, }, { db: "JVN", id: "JVNVU94401838", trust: 0.8, }, { db: "USCERT", id: "TA15-119A", trust: 0.8, }, { db: "ICS CERT", id: "ICSA-15-344-01", trust: 0.8, }, { db: "ICS CERT", id: "ICSA-14-128-01", trust: 0.8, }, { db: "ICS CERT", id: "ICSA-14-114-01", trust: 0.8, }, { db: "ICS CERT", id: "ICSA-14-126-01", trust: 0.8, }, { db: "ICS CERT", id: "ICSA-14-135-04", trust: 0.8, }, { db: "ICS CERT", id: "ICSA-14-135-05", trust: 0.8, }, { db: "ICS CERT", id: "ICSA-14-105-02A", trust: 0.8, }, { db: "ICS CERT", id: "ICSA-14-105-03A", trust: 0.8, }, { db: "ICS CERT ALERT", id: "ICS-ALERT-14-099-01E", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2014-001920", trust: 0.8, }, { db: "OCERT", id: "OCERT-2014-003", trust: 0.3, }, { db: "BID", id: "66478", trust: 0.3, }, { db: "VULMON", id: "CVE-2014-0160", trust: 0.1, }, { db: "PACKETSTORM", id: "126993", trust: 0.1, }, { db: "PACKETSTORM", id: "126785", trust: 0.1, }, { db: "PACKETSTORM", id: "126161", trust: 0.1, }, { db: "PACKETSTORM", id: "126285", trust: 0.1, }, { db: "PACKETSTORM", id: "126458", trust: 0.1, }, { db: "PACKETSTORM", id: "126203", trust: 0.1, }, { db: "PACKETSTORM", id: "126450", trust: 0.1, }, { db: "PACKETSTORM", id: "131044", trust: 0.1, }, { db: "PACKETSTORM", id: "126056", trust: 0.1, }, { db: "PACKETSTORM", id: "126086", trust: 0.1, }, { db: "PACKETSTORM", id: "126420", trust: 0.1, }, { db: "PACKETSTORM", id: "126236", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2014-0160", }, { db: "BID", id: "66478", }, { db: "JVNDB", id: "JVNDB-2014-001920", }, { db: "PACKETSTORM", id: "126993", }, { db: "PACKETSTORM", id: "126785", }, { db: "PACKETSTORM", id: "126161", }, { db: "PACKETSTORM", id: "126285", }, { db: "PACKETSTORM", id: "126458", }, { db: "PACKETSTORM", id: "126203", }, { db: "PACKETSTORM", id: "126450", }, { db: "PACKETSTORM", id: "131044", }, { db: "PACKETSTORM", id: "126056", }, { db: "PACKETSTORM", id: "126086", }, { db: "PACKETSTORM", id: "126420", }, { db: "PACKETSTORM", id: "126236", }, { db: "NVD", id: "CVE-2014-0160", }, ], }, id: "VAR-201404-0592", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.6038711649999999, }, last_update_date: "2024-07-23T21:20:07.305000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Apache Tomcat - Apache Tomcat APR/native Connector vulnerabilities", trust: 0.8, url: "http://tomcat.apache.org/security-native.html", }, { title: "Security/Heartbleed - Tomcat Wiki", trust: 0.8, url: "http://wiki.apache.org/tomcat/security/heartbleed", }, { title: "ミラクル・リナックス株式会社 の告知ページ", trust: 0.8, url: "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=3566&stype=&sproduct=&published=1", }, { title: "BlackBerry response to OpenSSL “Heartbleed” vulnerability", trust: 0.8, url: "http://www.blackberry.com/btsc/kb35882", }, { title: "Enterprise Chef 1.4.9 Release", trust: 0.8, url: "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/", }, { title: "Chef Server Heartbleed (CVE-2014-0160) Releases", trust: 0.8, url: "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/", }, { title: "Chef Server 11.0.12 Release", trust: 0.8, url: "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/", }, { title: "Enterprise Chef 11.1.3 Release", trust: 0.8, url: "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", }, { title: "cisco-sa-20140409-heartbleed", trust: 0.8, url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140409-heartbleed", }, { title: "Release Notes", trust: 0.8, url: "http://cogentdatahub.com/releasenotes.html", }, { title: "FSC-2014-1: Notice on OpenSSL 'Heartbleed' Vulnerability", trust: 0.8, url: "http://www.f-secure.com/en/web/labs_global/fsc-2014-1", }, { title: "SOL15159: OpenSSL vulnerability CVE-2014-0160", trust: 0.8, url: "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217", }, { title: "Version history", trust: 0.8, url: "https://filezilla-project.org/versions.php?type=server", }, { title: "OpenSSL multiple vulnerabilities", trust: 0.8, url: "http://www.freebsd.org/security/advisories/freebsd-sa-14:06.openssl.asc", }, { title: "HPSBHF03136 SSRT101726", trust: 0.8, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en&cc=us&objectid=c04475466", }, { title: "HPSBMU03022 SSRT101527", trust: 0.8, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en&cc=us&objectid=c04263236", }, { title: "HPSBMU03024 SSRT101538", trust: 0.8, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en&cc=us&objectid=c04267749", }, { title: "HPSBST03000 SSRT101513", trust: 0.8, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en&cc=us&objectid=c04260637", }, { title: "HPSBMU03033 SSRT101550", trust: 0.8, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en&cc=us&objectid=c04272892", }, { title: "HPSBHF03293 SSRT101846", trust: 0.8, url: "http://h20566.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04595951&lang=en&cc=us", }, { title: "HPSBMU02995 SSRT101499", trust: 0.8, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en&cc=us&objectid=c04236102", }, { title: "HPSBMU03009 SSRT101520", trust: 0.8, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en&cc=us&objectid=c04249113", }, { title: "OpenSSL Heartbleed (CVE-2014-0160) ", trust: 0.8, url: "https://www-304.ibm.com/connections/blogs/psirt/entry/openssl_heartbleed_cve_2014_0160?lang=en_us", }, { title: "1670161", trust: 0.8, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21670161", }, { title: "00001841", trust: 0.8, url: "http://www-01.ibm.com/support/docview.wss?uid=isg400001841", }, { title: "00001843", trust: 0.8, url: "http://www-01.ibm.com/support/docview.wss?uid=isg400001843", }, { title: "1672507", trust: 0.8, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21672507", }, { title: "アライドテレシス株式会社からの情報", trust: 0.8, url: "http://jvn.jp/vu/jvnvu94401838/522154/index.html", }, { title: "Kerio Control Release History", trust: 0.8, url: "http://www.kerio.com/support/kerio-control/release-history", }, { title: "AV14-001", trust: 0.8, url: "http://jpn.nec.com/security-info/av14-001.html", }, { title: "Add heartbeat extension bounds check.", trust: 0.8, url: "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3", }, { title: "OpenSSL Security Advisory [07 Apr 2014] - TLS heartbeat read overrun (CVE-2014-0160)", trust: 0.8, url: "http://www.openssl.org/news/secadv_20140407.txt", }, { title: "OpenSSL Security Bug - Heartbleed / CVE-2014-0160", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html", }, { title: "Oracle Security Alert for CVE-2014-0160", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/alert-cve-2014-0160-2190703.html", }, { title: "Oracle Critical Patch Update Advisory - July 2014", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", }, { title: "Bug 1084875", trust: 0.8, url: "https://bugzilla.redhat.com/show_bug.cgi?id=1084875", }, { title: "RHSA-2014:0377", trust: 0.8, url: "http://rhn.redhat.com/errata/rhsa-2014-0377.html", }, { title: "RHSA-2014:0378", trust: 0.8, url: "http://rhn.redhat.com/errata/rhsa-2014-0378.html", }, { title: "RHSA-2014:0376", trust: 0.8, url: " http://rhn.redhat.com/errata/rhsa-2014-0376.html", }, { title: "RHSA-2014:0396", trust: 0.8, url: "http://rhn.redhat.com/errata/rhsa-2014-0396.html", }, { title: "Multiple vulnerabilities in OpenSSL", trust: 0.8, url: "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl5", }, { title: "Vulnerabilities resolved in TRITON APX Version 8.0", trust: 0.8, url: "http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0", }, { title: "Splunk 6.0.3 addresses two vulnerabilities - April 10, 2014", trust: 0.8, url: "http://www.splunk.com/view/sp-caaamb3", }, { title: "日本マイクロソフト株式会社 の告知ページ", trust: 0.8, url: "http://blogs.technet.com/b/jpsecurity/archive/2014/04/11/microsoft-services-unaffected-by-openssl-quot-heartbleed-quot-vulnerability.aspx", }, { title: "UIS-2014-1", trust: 0.8, url: "http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=1", }, { title: "UIS-2014-3", trust: 0.8, url: "http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=3", }, { title: "VMSA-2014-0012", trust: 0.8, url: "http://www.vmware.com/security/advisories/vmsa-2014-0012.html", }, { title: "OpenSSLの脆弱性に伴う弊社製品への影響について", trust: 0.8, url: "https://cs.cybozu.co.jp/2014/001064.html", }, { title: "株式会社インターネットイニシアティブ の告知ページ", trust: 0.8, url: "http://www.seil.jp/support/security/140409.html", }, { title: "cisco-sa-20140409-heartbleed", trust: 0.8, url: "http://www.cisco.com/cisco/web/support/jp/112/1122/1122496_erp-heartbleed-j.html", }, { title: "アラート/アドバイザリ: OpenSSL Heartbleed の脆弱性(CVE-2014-0160)について", trust: 0.8, url: "http://esupport.trendmicro.com/solution/ja-jp/1103090.aspx", }, { title: "HIRT-PUB14005:日立製品における OpenSSL 情報漏えいを許してしまう脆弱性(CVE-2014-0160) への対応について", trust: 0.8, url: "http://www.hitachi.co.jp/hirt/publications/hirt-pub14005/index.html", }, { title: "Systemwalker Desktop Patrol: OpenSSL の heartbeat 拡張に情報漏えいの脆弱性(CVE-2014-0160) (2014年5月8日)", trust: 0.8, url: "http://software.fujitsu.com/jp/security/products-fujitsu/solution/systemwalker_dtp201401.html", }, { title: "TA14-098A", trust: 0.8, url: "http://software.fujitsu.com/jp/security/vulnerabilities/ta14-098a.html", }, { title: "The Register", trust: 0.2, url: "https://www.theregister.co.uk/2017/01/23/heartbleed_2017/", }, { title: "The Register", trust: 0.2, url: "https://www.theregister.co.uk/2014/04/24/apple_posts_updates_for_heartbleed_flaw_in_airport/", }, { title: "The Register", trust: 0.2, url: "https://www.theregister.co.uk/2014/04/11/hackers_hammering_heartbleed/", }, { title: "The Register", trust: 0.2, url: "https://www.theregister.co.uk/2014/04/09/heartbleed_vuln_analysis/", }, { title: "Debian CVElist Bug Report Logs: CVE-2014-0160 heartbeat read overrun (heartbleed)", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e4799ab8fe4804274ba2db4d65cd867b", }, { title: "Debian Security Advisories: DSA-2896-1 openssl -- security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=264ec318be06a69e28012f62b2dc5bb7", }, { title: "Ubuntu Security Notice: openssl vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-2165-1", }, { title: "", trust: 0.1, url: "https://github.com/live-hack-cve/cve-2014-0160 ", }, { title: "exploits", trust: 0.1, url: "https://github.com/vs4vijay/exploits ", }, { title: "VULNIX", trust: 0.1, url: "https://github.com/el-palomo/vulnix ", }, { title: "openssl-heartbleed-fix", trust: 0.1, url: "https://github.com/sammyfung/openssl-heartbleed-fix ", }, { title: "cve-2014-0160", trust: 0.1, url: "https://github.com/cved-sources/cve-2014-0160 ", }, { title: "heartbleed_check", trust: 0.1, url: "https://github.com/ehoffmann-cp/heartbleed_check ", }, { title: "heartbleed", trust: 0.1, url: "https://github.com/okrutnik420/heartbleed ", }, { title: "heartbleed-test.crx", trust: 0.1, url: "https://github.com/iwaffles/heartbleed-test.crx ", }, { title: "", trust: 0.1, url: "https://github.com/maheshmaske111/te ", }, { title: "AradSocket", trust: 0.1, url: "https://github.com/araditc/aradsocket ", }, { title: "sslscan", trust: 0.1, url: "https://github.com/kaisenlinux/sslscan ", }, { title: "Springboard_Capstone_Project", trust: 0.1, url: "https://github.com/jonahwinninghoff/springboard_capstone_project ", }, { title: "", trust: 0.1, url: "https://github.com/mre-fog/heartbleeder ", }, { title: "buffer_overflow_exploit", trust: 0.1, url: "https://github.com/olivamadrigal/buffer_overflow_exploit ", }, { title: "", trust: 0.1, url: "https://github.com/ashrafulislamcs/ubuntu-server-hardening ", }, { title: "insecure_project", trust: 0.1, url: "https://github.com/turtlesec-no/insecure_project ", }, { title: "", trust: 0.1, url: "https://github.com/maheshmaske111/ssl ", }, { title: "", trust: 0.1, url: "https://github.com/h4r335hr/heartbleed ", }, { title: "nmap-scripts", trust: 0.1, url: "https://github.com/takeshixx/nmap-scripts ", }, { title: "knockbleed", trust: 0.1, url: "https://github.com/siddolo/knockbleed ", }, { title: "heartbleed-masstest", trust: 0.1, url: "https://github.com/musalbas/heartbleed-masstest ", }, { title: "HeartBleedDotNet", trust: 0.1, url: "https://github.com/shawinnes/heartbleeddotnet ", }, { title: "heartbleed_test_openvpn", trust: 0.1, url: "https://github.com/weisslj/heartbleed_test_openvpn ", }, { title: "paraffin", trust: 0.1, url: "https://github.com/vmeurisse/paraffin ", }, { title: "sslscan", trust: 0.1, url: "https://github.com/rbsec/sslscan ", }, { title: "Heartbleed_Dockerfile_with_Nginx", trust: 0.1, url: "https://github.com/froyo75/heartbleed_dockerfile_with_nginx ", }, { title: "heartbleed-bug", trust: 0.1, url: "https://github.com/cldme/heartbleed-bug ", }, { title: "", trust: 0.1, url: "https://github.com/h4ck3rt3ch/awesome-web-hacking ", }, { title: "Web-Hacking", trust: 0.1, url: "https://github.com/adm0i/web-hacking ", }, { title: "cybersecurity-ethical-hacking", trust: 0.1, url: "https://github.com/paulveillard/cybersecurity-ethical-hacking ", }, { title: "Lastest-Web-Hacking-Tools-vol-I", trust: 0.1, url: "https://github.com/saratogamarine/lastest-web-hacking-tools-vol-i ", }, { title: "HTBValentineWriteup", trust: 0.1, url: "https://github.com/zimmel15/htbvalentinewriteup ", }, { title: "heartbleed-poc", trust: 0.1, url: "https://github.com/sensepost/heartbleed-poc ", }, { title: "CVE-2014-0160", trust: 0.1, url: "https://github.com/0x90/cve-2014-0160 ", }, { title: "Certified-Ethical-Hacker-Exam-CEH-v10", trust: 0.1, url: "https://github.com/tung0801/certified-ethical-hacker-exam-ceh-v10 ", }, { title: "cs558heartbleed", trust: 0.1, url: "https://github.com/gkaptch1/cs558heartbleed ", }, { title: "HeartBleed", trust: 0.1, url: "https://github.com/archaic-magnon/heartbleed ", }, { title: "", trust: 0.1, url: "https://github.com/undacmic/heartbleed-proof-of-concept ", }, { title: "openvpn-jookk", trust: 0.1, url: "https://github.com/jeypi04/openvpn-jookk ", }, { title: "Heartbleed", trust: 0.1, url: "https://github.com/saiprasad16/heartbleed ", }, { title: "", trust: 0.1, url: "https://github.com/kickfootcode/loveyouall ", }, { title: "", trust: 0.1, url: "https://github.com/imesecan/leakreducer-artifacts ", }, { title: "", trust: 0.1, url: "https://github.com/tvernet/kali-tools-liste-et-description ", }, { title: "", trust: 0.1, url: "https://github.com/k4u5h41/heartbleed ", }, { title: "", trust: 0.1, url: "https://github.com/ronaldogdm/heartbleed ", }, { title: "", trust: 0.1, url: "https://github.com/rochacbruno/my-awesome-stars ", }, { title: "", trust: 0.1, url: "https://github.com/asadhasan73/temp_comp_sec ", }, { title: "", trust: 0.1, url: "https://github.com/aakaashzz/heartbleed ", }, { title: "tls-channel", trust: 0.1, url: "https://github.com/marianobarrios/tls-channel ", }, { title: "fuzzx_cpp_demo", trust: 0.1, url: "https://github.com/guardstrikelab/fuzzx_cpp_demo ", }, { title: "", trust: 0.1, url: "https://github.com/ppamo/recon_net_tools ", }, { title: "heatbleeding", trust: 0.1, url: "https://github.com/idkqh7/heatbleeding ", }, { title: "HeartBleed-Vulnerability-Checker", trust: 0.1, url: "https://github.com/waqasjamal/heartbleed-vulnerability-checker ", }, { title: "heartbleed", trust: 0.1, url: "https://github.com/iscinc/heartbleed ", }, { title: "heartbleed-dtls", trust: 0.1, url: "https://github.com/hreese/heartbleed-dtls ", }, { title: "heartbleedchecker", trust: 0.1, url: "https://github.com/roganartu/heartbleedchecker ", }, { title: "nmap-heartbleed", trust: 0.1, url: "https://github.com/azet/nmap-heartbleed ", }, { title: "sslscan", trust: 0.1, url: "https://github.com/delishen/sslscan ", }, { title: "web-hacking", trust: 0.1, url: "https://github.com/hr-beast/web-hacking ", }, { title: "", trust: 0.1, url: "https://github.com/miss-brain/web-application-security ", }, { title: "web-hacking", trust: 0.1, url: "https://github.com/hemanthraju02/web-hacking ", }, { title: "awesome-web-hacking", trust: 0.1, url: "https://github.com/qwertskihack/awesome-web-hacking ", }, { title: "", trust: 0.1, url: "https://github.com/himera25/web-hacking-list ", }, { title: "", trust: 0.1, url: "https://github.com/dorota-fiit/bp-heartbleed-defense-game ", }, { title: "", trust: 0.1, url: "https://github.com/maheshmaske111/sslscan ", }, { title: "Heart-bleed", trust: 0.1, url: "https://github.com/anonymouse327311/heart-bleed ", }, { title: "goScan", trust: 0.1, url: "https://github.com/stackviolator/goscan ", }, { title: "sec-tool-list", trust: 0.1, url: "https://github.com/alphaseclab/sec-tool-list ", }, { title: "", trust: 0.1, url: "https://github.com/utensil/awesome-stars-test ", }, { title: "insecure-cplusplus-dojo", trust: 0.1, url: "https://github.com/patricia-gallardo/insecure-cplusplus-dojo ", }, { title: "", trust: 0.1, url: "https://github.com/jubalh/awesome-package-maintainer ", }, { title: "", trust: 0.1, url: "https://github.com/elnatty/tryhackme_labs ", }, { title: "", trust: 0.1, url: "https://github.com/hzuiw33/openssl ", }, { title: "makeItBleed", trust: 0.1, url: "https://github.com/mcampa/makeitbleed ", }, { title: "CVE-2014-0160-Chrome-Plugin", trust: 0.1, url: "https://github.com/xyl2k/cve-2014-0160-chrome-plugin ", }, { title: "heartbleedfixer.com", trust: 0.1, url: "https://github.com/reenhanced/heartbleedfixer.com ", }, { title: "CVE-2014-0160-Scanner", trust: 0.1, url: "https://github.com/obayesshelton/cve-2014-0160-scanner ", }, { title: "openmagic", trust: 0.1, url: "https://github.com/isgroup-srl/openmagic ", }, { title: "heartbleeder", trust: 0.1, url: "https://github.com/titanous/heartbleeder ", }, { title: "cardiac-arrest", trust: 0.1, url: "https://github.com/ah8r/cardiac-arrest ", }, { title: "heartbleed_openvpn_poc", trust: 0.1, url: "https://github.com/tam7t/heartbleed_openvpn_poc ", }, { title: "docker-wheezy-with-heartbleed", trust: 0.1, url: "https://github.com/simonswine/docker-wheezy-with-heartbleed ", }, { title: "docker-testssl", trust: 0.1, url: "https://github.com/mbentley/docker-testssl ", }, { title: "heartbleedscanner", trust: 0.1, url: "https://github.com/hybridus/heartbleedscanner ", }, { title: "HeartLeak", trust: 0.1, url: "https://github.com/offensivepython/heartleak ", }, { title: "HBL", trust: 0.1, url: "https://github.com/ssc-oscar/hbl ", }, { title: "awesome-stars", trust: 0.1, url: "https://github.com/utensil/awesome-stars ", }, { title: "SecurityTesting_web-hacking", trust: 0.1, url: "https://github.com/mostakimur/securitytesting_web-hacking ", }, { title: "awesome-web-hacking", trust: 0.1, url: "https://github.com/winterwolf32/awesome-web-hacking ", }, { title: "awesome-web-hacking-1", trust: 0.1, url: "https://github.com/winterwolf32/awesome-web-hacking-1 ", }, { title: "", trust: 0.1, url: "https://github.com/mehedi-babu/ethical_hacking_cyber ", }, { title: "", trust: 0.1, url: "https://github.com/drakyanerlanggarizkiwardhana/awesome-web-hacking ", }, { title: "awesome-web-hacking", trust: 0.1, url: "https://github.com/thanshurc/awesome-web-hacking ", }, { title: "hack", trust: 0.1, url: "https://github.com/nvnpsplt/hack ", }, { title: "awesome-web-hacking", trust: 0.1, url: "https://github.com/noname1007/awesome-web-hacking ", }, { title: "", trust: 0.1, url: "https://github.com/imranthethirdeye/awesome-web-hacking ", }, { title: "web-hacking", trust: 0.1, url: "https://github.com/ondrik8/web-hacking ", }, { title: "CheckSSL-ciphersuite", trust: 0.1, url: "https://github.com/kal1gh0st/checkssl-ciphersuite ", }, { title: "", trust: 0.1, url: "https://github.com/undacmic/heartbleed-demo ", }, { title: "", trust: 0.1, url: "https://github.com/mre-fog/ssl-heartbleed.nse ", }, { title: "welivesecurity", trust: 0.1, url: "https://www.welivesecurity.com/2015/08/03/worlds-biggest-bug-bounty-payouts/", }, { title: "Threatpost", trust: 0.1, url: "https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/", }, ], sources: [ { db: "VULMON", id: "CVE-2014-0160", }, { db: "JVNDB", id: "JVNDB-2014-001920", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-125", trust: 1, }, { problemtype: "CWE-119", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2014-001920", }, { db: "NVD", id: "CVE-2014-0160", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "http://heartbleed.com/", }, { trust: 1.9, url: "http://www.us-cert.gov/ncas/alerts/ta14-098a", }, { trust: 1.9, url: "https://code.google.com/p/mod-spdy/issues/detail?id=85", }, { trust: 1.9, url: "http://www.kb.cert.org/vuls/id/720951", }, { trust: 1.9, url: "https://www.cert.fi/en/reports/2014/vulnerability788210.html", }, { trust: 1.9, url: "http://advisories.mageia.org/mgasa-2014-0165.html", }, { trust: 1.4, url: "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/", }, { trust: 1.4, url: "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/", }, { trust: 1.4, url: "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", }, { trust: 1.4, url: "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/", }, { trust: 1.2, url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140409-heartbleed", }, { trust: 1.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0160", }, { trust: 1.1, url: "https://bugzilla.redhat.com/show_bug.cgi?id=1084875", }, { trust: 1.1, url: "http://www.openssl.org/news/secadv_20140407.txt", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1030078", }, { trust: 1.1, url: "http://seclists.org/fulldisclosure/2014/apr/109", }, { trust: 1.1, url: "http://seclists.org/fulldisclosure/2014/apr/190", }, { trust: 1.1, url: "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-april/000184.html", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html", }, { trust: 1.1, url: "http://rhn.redhat.com/errata/rhsa-2014-0376.html", }, { trust: 1.1, url: "http://rhn.redhat.com/errata/rhsa-2014-0396.html", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1030082", }, { trust: 1.1, url: "http://secunia.com/advisories/57347", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139722163017074&w=2", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1030077", }, { trust: 1.1, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21670161", }, { trust: 1.1, url: "http://www.debian.org/security/2014/dsa-2896", }, { trust: 1.1, url: "http://rhn.redhat.com/errata/rhsa-2014-0377.html", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1030080", }, { trust: 1.1, url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131221.html", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1030074", }, { trust: 1.1, url: "http://seclists.org/fulldisclosure/2014/apr/90", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1030081", }, { trust: 1.1, url: "http://rhn.redhat.com/errata/rhsa-2014-0378.html", }, { trust: 1.1, url: "http://seclists.org/fulldisclosure/2014/apr/91", }, { trust: 1.1, url: "http://secunia.com/advisories/57483", }, { trust: 1.1, url: "http://www.splunk.com/view/sp-caaamb3", }, { trust: 1.1, url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131291.html", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1030079", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html", }, { trust: 1.1, url: "http://secunia.com/advisories/57721", }, { trust: 1.1, url: "http://www.blackberry.com/btsc/kb35882", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1030026", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html", }, { trust: 1.1, url: "http://www.securityfocus.com/bid/66690", }, { trust: 1.1, url: "http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/", }, { trust: 1.1, url: "https://blog.torproject.org/blog/openssl-bug-cve-2014-0160", }, { trust: 1.1, url: "http://secunia.com/advisories/57966", }, { trust: 1.1, url: "http://www.f-secure.com/en/web/labs_global/fsc-2014-1", }, { trust: 1.1, url: "http://seclists.org/fulldisclosure/2014/apr/173", }, { trust: 1.1, url: "http://secunia.com/advisories/57968", }, { trust: 1.1, url: "http://www.exploit-db.com/exploits/32745", }, { trust: 1.1, url: "http://www.exploit-db.com/exploits/32764", }, { trust: 1.1, url: "http://secunia.com/advisories/57836", }, { trust: 1.1, url: "https://gist.github.com/chapmajs/10473815", }, { trust: 1.1, url: "http://cogentdatahub.com/releasenotes.html", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139905458328378&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139869891830365&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139889113431619&w=2", }, { trust: 1.1, url: "http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=1", }, { trust: 1.1, url: "http://www.kerio.com/support/kerio-control/release-history", }, { trust: 1.1, url: "http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=3", }, { trust: 1.1, url: "https://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay&spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04260637-4%257cdoclocale%253den_us%257ccalledby%253dsearch_result&javax.portlet.begcachetok=com.vignette.cachetoken&javax.portlet.endcachetok=com.vignette.cachetoken", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", }, { trust: 1.1, url: "http://www-01.ibm.com/support/docview.wss?uid=isg400001843", }, { trust: 1.1, url: "https://filezilla-project.org/versions.php?type=server", }, { trust: 1.1, url: "http://www-01.ibm.com/support/docview.wss?uid=isg400001841", }, { trust: 1.1, url: "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=141287864628122&w=2", }, { trust: 1.1, url: "http://seclists.org/fulldisclosure/2014/dec/23", }, { trust: 1.1, url: "http://www.vmware.com/security/advisories/vmsa-2014-0012.html", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142660345230545&w=2", }, { trust: 1.1, url: "http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139817727317190&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139757726426985&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139758572430452&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139905653828999&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139842151128341&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139905405728262&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139833395230364&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139824993005633&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139843768401936&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139905202427693&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139774054614965&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139889295732144&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139835815211508&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=140724451518351&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139808058921905&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139836085512508&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139869720529462&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139905868529690&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139765756720506&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=140015787404650&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139824923705461&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139757919027752&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139774703817488&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139905243827825&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=140075368411126&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139905295427946&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139835844111589&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139757819327350&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139817685517037&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139905351928096&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=139817782017443&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=140752315422991&w=2", }, { trust: 1.1, url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00", }, { trust: 1.1, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004661", }, { trust: 1.1, url: "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_release_notes.pdf", }, { trust: 1.1, url: "http://www.apcmedia.com/salestools/sjhn-7rkgnm/sjhn-7rkgnm_r4_en.pdf", }, { trust: 1.1, url: "http://secunia.com/advisories/59347", }, { trust: 1.1, url: "http://secunia.com/advisories/59243", }, { trust: 1.1, url: "http://secunia.com/advisories/59139", }, { trust: 1.1, url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html", }, { trust: 1.1, url: "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-119-01", }, { trust: 1.1, url: "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html", }, { trust: 1.1, url: "http://support.citrix.com/article/ctx140605", }, { trust: 1.1, url: "http://www.ubuntu.com/usn/usn-2165-1", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html", }, { trust: 1.1, url: "http://www.securityfocus.com/archive/1/534161/100/0/threaded", }, { trust: 1.1, url: "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", }, { trust: 1.1, url: "https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html", }, { trust: 1.1, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf", }, { trust: 1.1, url: "https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd", }, { trust: 1.1, url: "http://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=96db9023b881d7cd9f379b0c154650d6c108e9a3", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e", }, { trust: 1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160", }, { trust: 0.9, url: "http://ics-cert.us-cert.gov/advisories/icsa-14-135-02", }, { trust: 0.8, url: "http://ics-cert.us-cert.gov/advisories/icsa-14-135-04", }, { trust: 0.8, url: "http://ics-cert.us-cert.gov/advisories/icsa-14-135-05", }, { trust: 0.8, url: "http://ics-cert.us-cert.gov/advisories/icsa-14-105-03a", }, { trust: 0.8, url: "http://ics-cert.us-cert.gov/advisories/icsa-14-105-02a", }, { trust: 0.8, url: "http://ics-cert.us-cert.gov/advisories/icsa-14-114-01", }, { trust: 0.8, url: "http://ics-cert.us-cert.gov/advisories/icsa-14-126-01", }, { trust: 0.8, url: "http://ics-cert.us-cert.gov/advisories/icsa-14-128-01", }, { trust: 0.8, url: "https://ics-cert.us-cert.gov/advisories/icsa-15-344-01", }, { trust: 0.8, url: "https://ics-cert.us-cert.gov/alerts/ics-alert-14-099-01e", }, { trust: 0.8, url: "http://www.ipa.go.jp/security/ciadr/vul/20140408-openssl.html", }, { trust: 0.8, url: "http://www.jpcert.or.jp/at/2014/at140013.html", }, { trust: 0.8, url: "http://jvn.jp/ta/jvnta99041988/", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu94401838/index.html", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0160", }, { trust: 0.8, url: "https://www.us-cert.gov/ncas/alerts/ta15-119a", }, { trust: 0.8, url: "http://www.cente.jp/article/release/483.html", }, { trust: 0.8, url: "http://www.aratana.jp/security/detail.php?id=8", }, { trust: 0.8, url: "https://tools.ietf.org/html/rfc6520", }, { trust: 0.8, url: "http://www.npa.go.jp/cyberpolice/detect/pdf/20140410.pdf", }, { trust: 0.7, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/", }, { trust: 0.7, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/", }, { trust: 0.7, url: "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins", }, { trust: 0.4, url: "http://support.openview.hp.com/downloads.jsp", }, { trust: 0.3, url: "http://www.ocert.org/advisories/ocert-2014-003.html", }, { trust: 0.3, url: "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048", }, { trust: 0.3, url: "https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/", }, { trust: 0.3, url: "http://pyyaml.org/wiki/libyaml", }, { trust: 0.3, url: "http://rhn.redhat.com/errata/rhsa-2014-0353.html", }, { trust: 0.3, url: "http://puppetlabs.com/security/cve/cve-2014-2525", }, { trust: 0.3, url: "http://rhn.redhat.com/errata/rhsa-2014-0354.html", }, { trust: 0.3, url: "https://rhn.redhat.com/errata/rhsa-2014-0355.html", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0076", }, { trust: 0.2, url: "http://www8.hp.com/us/en/software-so", }, { trust: 0.2, url: "http://www8.h", }, { trust: 0.2, url: "http://gpgtools.org", }, { trust: 0.2, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/125.html", }, { trust: 0.1, url: "http://seclists.org/fulldisclosure/2019/jan/42", }, { trust: 0.1, url: "https://www.debian.org/security/./dsa-2896", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/", }, { trust: 0.1, url: "https://usn.ubuntu.com/2165-1/", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-d1488fd987894bc4ab3fe0ef52", }, { trust: 0.1, url: "http://www.hp.com/go/insightupdates", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-4575754bbb614b58bf0ae1ac37", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-37075daeead2433cb41b59ae76", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-27e03b2f9cd24e77adc9dba94a", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-bfd3c0fb11184796b9428ced37", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/diagsrv_00064", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/diagprb_00112", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/diagprb_00114", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/diagsrv_00065", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/diagprb_00109", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/diagcol_00059", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/diagcol_00061", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/diagprb_00111", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/diagcol_00060", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/diagprb_00110", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/diagsrv_00066", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/diagcol_00062", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/diagsrv_00062", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/diagprb_00113", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/diagsrv_00063", }, { trust: 0.1, url: "http://www.apple.com/support/downloads/", }, { trust: 0.1, url: "https://www.apple.com/support/security/pgp/", }, { trust: 0.1, url: "http://support.apple.com/kb/ht1222", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/km00843525", }, { trust: 0.1, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n", }, { trust: 0.1, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0288", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0287", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3571", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0198", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3567", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3572", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0209", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0289", }, { trust: 0.1, url: "http://www.mandriva.com/en/support/security/", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3513", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204", }, { trust: 0.1, url: "http://openssl.org/news/secadv_20150319.txt", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-5298", }, { trust: 0.1, url: "http://openssl.org/news/secadv_20150108.txt", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0204", }, { trust: 0.1, url: "http://www.mandriva.com/en/support/security/advisories/", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0293", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0224", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3570", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0205", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0221", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8275", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3569", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3470", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0195", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0286", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3566", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0206", }, { trust: 0.1, url: "http://creativecommons.org/licenses/by-sa/2.5", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0160", }, { trust: 0.1, url: "http://security.gentoo.org/", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0076", }, { trust: 0.1, url: "https://bugs.gentoo.org.", }, { trust: 0.1, url: "http://security.gentoo.org/glsa/glsa-201404-07.xml", }, { trust: 0.1, url: "http://eprint.iacr.org/2014/140", }, { trust: 0.1, url: "http://slackware.com", }, { trust: 0.1, url: "http://osuosl.org)", }, { trust: 0.1, url: "http://slackware.com/gpg-key", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140430-mxp", }, { trust: 0.1, url: "https://h20564.www2.hp.com/portal/site/hpsc/p", }, ], sources: [ { db: "VULMON", id: "CVE-2014-0160", }, { db: "BID", id: "66478", }, { db: "JVNDB", id: "JVNDB-2014-001920", }, { db: "PACKETSTORM", id: "126993", }, { db: "PACKETSTORM", id: "126785", }, { db: "PACKETSTORM", id: "126161", }, { db: "PACKETSTORM", id: "126285", }, { db: "PACKETSTORM", id: "126458", }, { db: "PACKETSTORM", id: "126203", }, { db: "PACKETSTORM", id: "126450", }, { db: "PACKETSTORM", id: "131044", }, { db: "PACKETSTORM", id: "126056", }, { db: "PACKETSTORM", id: "126086", }, { db: "PACKETSTORM", id: "126420", }, { db: "PACKETSTORM", id: "126236", }, { db: "NVD", id: "CVE-2014-0160", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2014-0160", }, { db: "BID", id: "66478", }, { db: "JVNDB", id: "JVNDB-2014-001920", }, { db: "PACKETSTORM", id: "126993", }, { db: "PACKETSTORM", id: "126785", }, { db: "PACKETSTORM", id: "126161", }, { db: "PACKETSTORM", id: "126285", }, { db: "PACKETSTORM", id: "126458", }, { db: "PACKETSTORM", id: "126203", }, { db: "PACKETSTORM", id: "126450", }, { db: "PACKETSTORM", id: "131044", }, { db: "PACKETSTORM", id: "126056", }, { db: "PACKETSTORM", id: "126086", }, { db: "PACKETSTORM", id: "126420", }, { db: "PACKETSTORM", id: "126236", }, { db: "NVD", id: "CVE-2014-0160", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2014-04-07T00:00:00", db: "VULMON", id: "CVE-2014-0160", }, { date: "2014-03-26T00:00:00", db: "BID", id: "66478", }, { date: "2014-04-08T00:00:00", db: "JVNDB", id: "JVNDB-2014-001920", }, { date: "2014-06-09T20:24:25", db: "PACKETSTORM", id: "126993", }, { date: "2014-05-23T13:14:00", db: "PACKETSTORM", id: "126785", }, { date: "2014-04-15T23:00:43", db: "PACKETSTORM", id: "126161", }, { date: "2014-04-23T21:26:11", db: "PACKETSTORM", id: "126285", }, { date: "2014-05-03T02:17:11", db: "PACKETSTORM", id: "126458", }, { date: "2014-04-17T22:03:30", db: "PACKETSTORM", id: "126203", }, { date: "2014-05-02T23:02:22", db: "PACKETSTORM", id: "126450", }, { date: "2015-03-27T20:42:44", db: "PACKETSTORM", id: "131044", }, { date: "2014-04-08T21:22:19", db: "PACKETSTORM", id: "126056", }, { date: "2014-04-09T22:48:55", db: "PACKETSTORM", id: "126086", }, { date: "2014-05-01T02:18:26", db: "PACKETSTORM", id: "126420", }, { date: "2014-04-21T19:51:58", db: "PACKETSTORM", id: "126236", }, { date: "2014-04-07T22:55:03.893000", db: "NVD", id: "CVE-2014-0160", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-11-07T00:00:00", db: "VULMON", id: "CVE-2014-0160", }, { date: "2017-05-02T04:07:00", db: "BID", id: "66478", }, { date: "2015-12-22T00:00:00", db: "JVNDB", id: "JVNDB-2014-001920", }, { date: "2024-07-02T16:52:39.560000", db: "NVD", id: "CVE-2014-0160", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "network", sources: [ { db: "BID", id: "66478", }, ], trust: 0.3, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OpenSSL of heartbeat Information disclosure vulnerability in expansion", sources: [ { db: "JVNDB", id: "JVNDB-2014-001920", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Input Validation Error", sources: [ { db: "BID", id: "66478", }, ], trust: 0.3, }, }