cvelistv5 - cve-2018-0528

cve-2018-0528

Vulnerability from cvelistv5

Published

2018-06-26 14:00

Modified

2024-08-05 03:28

Severity ?

Summary

Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.

References

▼	URL	Tags
	vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN51737843/index.html	Third Party Advisory
	vultures@jpcert.or.jp	https://support.cybozu.com/ja-jp/article/9812	Third Party Advisory

Impacted products

▼	Vendor	Product
	Cybozu, Inc.	Cybozu Office

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.059Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/9812"
          },
          {
            "name": "JVN#51737843",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.7.0"
            }
          ]
        }
      ],
      "datePublic": "2018-06-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authentication bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-26T13:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/9812"
        },
        {
          "name": "JVN#51737843",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0528",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Authentication bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.cybozu.com/ja-jp/article/9812",
              "refsource": "CONFIRM",
              "url": "https://support.cybozu.com/ja-jp/article/9812"
            },
            {
              "name": "JVN#51737843",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0528",
    "datePublished": "2018-06-26T14:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-08-05T03:28:11.059Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-0528\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2018-06-26T14:29:00.317\",\"lastModified\":\"2018-08-09T13:25:30.423\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Cybozu Garoon, de la versi\u00f3n 10.0.0 a la 10.7.0, permite que los atacantes autenticados omitan la autenticaci\u00f3n para ver los horarios a los que no se les permite acceder mediante vectores sin especificar.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndIncluding\":\"10.7.0\",\"matchCriteriaId\":\"18FBE1C9-73D9-4F83-A059-76FB719CDF00\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN51737843/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.cybozu.com/ja-jp/article/9812\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

cve-2018-0528

Vulnerability from jvndb

Published

2018-05-22 14:30

Modified

2018-08-30 16:03

Severity ?

4.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Summary

Multiple vulnerabilities in Cybozu Office

Details

Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. *Information disclosure in the application "Message" when viewing an external image (CWE-200) - CVE-2018-0526 *Stored cross-site scripting in "E-mail Details Screen" of the application "E-mail" (CWE-79) - CVE-2018-0527 *Browse restriction bypass in the application "Scheduler" (CWE-264) - CVE-2018-0528 *Denial-of-service (DoS) in the application "Message" due to a flaw in processing of an attached file (CWE-20) - CVE-2018-0529 *Reflected cross-site scripting in the application "MultiReport" (CWE-79) - CVE-2018-0565 *Browse restriction bypass in the application "Scheduler" (CWE-264) - CVE-2018-0566 *Operation restriction bypass in the application "Bulletin" (CWE-264) - CVE-2018-0567 Jun Kokatsu reported CVE-2018-0526 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. Masato Kinugawa reported CVE-2018-0527 and CVE-2018-0565 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. Cybozu, Inc. reported CVE-2018-0528, CVE-2018-0529 and CVE-2018-0566 vulnerabilities to JPCERT/CC to notify users of respective solutions through JVN. Yuji Tounai reported CVE-2018-0567 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.

References

▼	Type	URL
	JVN	https://jvn.jp/jp/JVN51737843/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0526
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0527
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0528
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0529
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0565
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0566
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0567
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0565
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0566
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0567
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0526
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0527
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0528
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0529
	Improper Input Validation(CWE-20)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Information Exposure(CWE-200)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Cybozu, Inc.	Cybozu Office

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000053.html",
  "dc:date": "2018-08-30T16:03+09:00",
  "dcterms:issued": "2018-05-22T14:30+09:00",
  "dcterms:modified": "2018-08-30T16:03+09:00",
  "description": "Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. \r\n\r\n*Information disclosure in the application \"Message\" when viewing an external image (CWE-200) - CVE-2018-0526\r\n*Stored cross-site scripting in \"E-mail Details Screen\" of the application \"E-mail\" (CWE-79) - CVE-2018-0527\r\n*Browse restriction bypass in the application \"Scheduler\" (CWE-264) - CVE-2018-0528\r\n*Denial-of-service (DoS) in the application \"Message\" due to a flaw in processing of an attached file  (CWE-20) - CVE-2018-0529\r\n*Reflected cross-site scripting in the application \"MultiReport\" (CWE-79) - CVE-2018-0565\r\n*Browse restriction bypass in the application \"Scheduler\" (CWE-264) - CVE-2018-0566\t\r\n*Operation restriction bypass in the application \"Bulletin\" (CWE-264) - CVE-2018-0567\r\n\r\nJun Kokatsu reported CVE-2018-0526 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nMasato Kinugawa reported CVE-2018-0527 and CVE-2018-0565 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nCybozu, Inc. reported CVE-2018-0528, CVE-2018-0529 and CVE-2018-0566 vulnerabilities to JPCERT/CC to notify users of respective solutions through JVN.\r\n\r\nYuji Tounai reported CVE-2018-0567 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000053.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000053",
  "sec:references": [
    {
      "#text": "https://jvn.jp/jp/JVN51737843/index.html",
      "@id": "JVN#51737843",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0526",
      "@id": "CVE-2018-0526",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0527",
      "@id": "CVE-2018-0527",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0528",
      "@id": "CVE-2018-0528",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0529",
      "@id": "CVE-2018-0529",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0565",
      "@id": "CVE-2018-0565",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0566",
      "@id": "CVE-2018-0566",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0567",
      "@id": "CVE-2018-0567",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0565",
      "@id": "CVE-2018-0565",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0566",
      "@id": "CVE-2018-0566",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0567",
      "@id": "CVE-2018-0567",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0526",
      "@id": "CVE-2018-0526",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0527",
      "@id": "CVE-2018-0527",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0528",
      "@id": "CVE-2018-0528",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0529",
      "@id": "CVE-2018-0529",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple vulnerabilities in Cybozu Office"
}

gsd-2018-0528

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.

Aliases

CVE-2018-0528

Aliases

CVE-2018-0528

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-0528",
    "description": "Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.",
    "id": "GSD-2018-0528"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-0528"
      ],
      "details": "Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.",
      "id": "GSD-2018-0528",
      "modified": "2023-12-13T01:22:25.279326Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2018-0528",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cybozu Office",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "10.0.0 to 10.7.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cybozu, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Authentication bypass"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.cybozu.com/ja-jp/article/9812",
            "refsource": "CONFIRM",
            "url": "https://support.cybozu.com/ja-jp/article/9812"
          },
          {
            "name": "JVN#51737843",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.7.0",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0528"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                },
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.cybozu.com/ja-jp/article/9812",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.cybozu.com/ja-jp/article/9812"
            },
            {
              "name": "JVN#51737843",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2018-08-09T13:25Z",
      "publishedDate": "2018-06-26T14:29Z"
    }
  }
}

ghsa-ccx3-hv5h-8jcg

Vulnerability from github

Published

2022-05-14 03:09

Modified

2022-05-14 03:09

Severity ?

4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-0528"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-26T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.",
  "id": "GHSA-ccx3-hv5h-8jcg",
  "modified": "2022-05-14T03:09:04Z",
  "published": "2022-05-14T03:09:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0528"
    },
    {
      "type": "WEB",
      "url": "https://support.cybozu.com/ja-jp/article/9812"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN51737843/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2018-0528

Vulnerability from cvelistv5

cve-2018-0528

Vulnerability from jvndb

gsd-2018-0528

Vulnerability from gsd

ghsa-ccx3-hv5h-8jcg

Vulnerability from github

Tags

Sightings

Nomenclature