cvelistv5 - cve-2021-20633

cve-2021-20633

Vulnerability from cvelistv5

Published

2021-03-18 00:56

Modified

2024-08-03 17:45

Severity ?

Summary

Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors.

References

▼	URL	Tags
	vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN45797538/index.html	Third Party Advisory
	vultures@jpcert.or.jp	https://kb.cybozu.support/article/36869/	Vendor Advisory

Impacted products

▼	Vendor	Product
	Cybozu, Inc.	Cybozu Office

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:45.214Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/36869/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-18T00:56:02",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/36869/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20633",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN45797538/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/36869/",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/36869/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20633",
    "datePublished": "2021-03-18T00:56:02",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:45.214Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-20633\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2021-03-18T01:15:12.170\",\"lastModified\":\"2022-07-12T17:42:04.277\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de control de acceso inapropiado en Cabinet de Cybozu Office versiones 10.0.0 hasta 10.8.4, permite a atacantes autenticados omitir la restricci\u00f3n de acceso y obtener la fecha de Cabinet por medio de vectores no especificados\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndIncluding\":\"10.8.4\",\"matchCriteriaId\":\"A468F5BE-4EB2-464F-AE29-D0C98163C410\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/jp/JVN45797538/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kb.cybozu.support/article/36869/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

ghsa-9cgr-qjc2-p73m

Vulnerability from github

Published

2022-05-24 17:44

Modified

2022-07-13 00:01

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-20633"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-18T01:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors.",
  "id": "GHSA-9cgr-qjc2-p73m",
  "modified": "2022-07-13T00:01:05Z",
  "published": "2022-05-24T17:44:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20633"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
    },
    {
      "type": "WEB",
      "url": "https://kb.cybozu.support/article/36869"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2021-20633

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors.

Aliases

CVE-2021-20633

Aliases

CVE-2021-20633

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-20633",
    "description": "Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors.",
    "id": "GSD-2021-20633"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-20633"
      ],
      "details": "Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors.",
      "id": "GSD-2021-20633",
      "modified": "2023-12-13T01:23:12.277043Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2021-20633",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cybozu Office",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "10.0.0 to 10.8.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cybozu, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper Access Control"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://jvn.jp/en/jp/JVN45797538/index.html",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
          },
          {
            "name": "https://kb.cybozu.support/article/36869/",
            "refsource": "MISC",
            "url": "https://kb.cybozu.support/article/36869/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.8.4",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20633"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-863"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.cybozu.support/article/36869/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kb.cybozu.support/article/36869/"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN45797538/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2021-03-23T13:49Z",
      "publishedDate": "2021-03-18T01:15Z"
    }
  }
}

cve-2021-20633

Vulnerability from jvndb

Published

2021-03-15 15:56

Modified

2021-12-17 17:51

Severity ?

4.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

Multiple vulnerabilities in Cybozu Office

Details

Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. *[CyVDB-1657] Operational restrictions bypass vulnerability in Scheduler (CWE-264) - CVE-2021-20624 *[CyVDB-1727] Operational restrictions bypass vulnerability in Bulletin Board (CWE-264) - CVE-2021-20625 *[CyVDB-1895][CyVDB-2658] Operational restrictions bypass vulnerability in Workflow (CWE-264) - CVE-2021-20626 *[CyVDB-1899] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20627 *[CyVDB-1924] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20628 *[CyVDB-2014] Cross-site scripting vulnerability in E-mail (CWE-79) - CVE-2021-20629 *[CyVDB-2018] Viewing restrictions bypass vulnerability in Phone Messages (CWE-264) - CVE-2021-20630 *[CyVDB-2063] Improper input validation vulnerability in Custom App (CWE-20) - CVE-2021-20631 *[CyVDB-2263] Viewing restrictions bypass vulnerability in Bulletin Board (CWE-264) - CVE-2021-20632 *[CyVDB-2310] Viewing restrictions bypass vulnerability in Cabinet (CWE-264) - CVE-2021-20633 *[CyVDB-2764] Viewing restrictions bypass vulnerability in Custom App (CWE-264) - CVE-2021-20634 *[CyVDB-1900] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20849 CVE-2021-20624, CVE-2021-20625 and CVE-2021-20629 Yuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN. CVE-2021-20627, CVE-2021-20628 and CVE-2021-20849 Kanta Nishitani of Ierae Security Inc. reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN. CVE-2021-20630 and CVE-2021-20631 Shuichi Uruma reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN. CVE-2021-20626, CVE-2021-20632, CVE-2021-20633 and CVE-2021-20634 Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.

References

▼	Type	URL
	JVN	https://jvn.jp/en/jp/JVN45797538/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20624
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20625
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20626
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20627
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20628
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20629
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20630
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20631
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20632
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20633
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20634
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20849
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20624
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20625
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20626
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20627
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20628
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20629
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20630
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20631
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20632
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20633
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20634
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20849
	Improper Input Validation(CWE-20)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Cybozu, Inc.	Cybozu Office

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000022.html",
  "dc:date": "2021-12-17T17:51+09:00",
  "dcterms:issued": "2021-03-15T15:56+09:00",
  "dcterms:modified": "2021-12-17T17:51+09:00",
  "description": "Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n\r\n*[CyVDB-1657] Operational restrictions bypass vulnerability in Scheduler (CWE-264) - CVE-2021-20624\r\n*[CyVDB-1727] Operational restrictions bypass vulnerability in Bulletin Board (CWE-264) - CVE-2021-20625\r\n*[CyVDB-1895][CyVDB-2658] Operational restrictions bypass vulnerability in Workflow (CWE-264) - CVE-2021-20626\r\n*[CyVDB-1899] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20627\r\n*[CyVDB-1924] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20628\r\n*[CyVDB-2014] Cross-site scripting vulnerability in E-mail (CWE-79) - CVE-2021-20629\r\n*[CyVDB-2018] Viewing restrictions bypass vulnerability in Phone Messages (CWE-264) - CVE-2021-20630\r\n*[CyVDB-2063] Improper input validation vulnerability in Custom App (CWE-20) - CVE-2021-20631\r\n*[CyVDB-2263] Viewing restrictions bypass vulnerability in Bulletin Board (CWE-264) - CVE-2021-20632\r\n*[CyVDB-2310] Viewing restrictions bypass vulnerability in Cabinet (CWE-264) - CVE-2021-20633\r\n*[CyVDB-2764] Viewing restrictions bypass vulnerability in Custom App (CWE-264) - CVE-2021-20634\r\n*[CyVDB-1900] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20849\r\n\r\nCVE-2021-20624, CVE-2021-20625 and CVE-2021-20629\r\nYuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20627, CVE-2021-20628 and CVE-2021-20849\r\nKanta Nishitani of Ierae Security Inc. reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20630 and CVE-2021-20631\r\nShuichi Uruma reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20626, CVE-2021-20632, CVE-2021-20633 and CVE-2021-20634\r\nCybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000022.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-000022",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN45797538/index.html",
      "@id": "JVN#45797538",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20624",
      "@id": "CVE-2021-20624",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20625",
      "@id": "CVE-2021-20625",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20626",
      "@id": "CVE-2021-20626",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20627",
      "@id": "CVE-2021-20627",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20628",
      "@id": "CVE-2021-20628",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20629",
      "@id": "CVE-2021-20629",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20630",
      "@id": "CVE-2021-20630",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20631",
      "@id": "CVE-2021-20631",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20632",
      "@id": "CVE-2021-20632",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20633",
      "@id": "CVE-2021-20633",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20634",
      "@id": "CVE-2021-20634",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20849",
      "@id": "CVE-2021-20849",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20624",
      "@id": "CVE-2021-20624",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20625",
      "@id": "CVE-2021-20625",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20626",
      "@id": "CVE-2021-20626",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20627",
      "@id": "CVE-2021-20627",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20628",
      "@id": "CVE-2021-20628",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20629",
      "@id": "CVE-2021-20629",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20630",
      "@id": "CVE-2021-20630",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20631",
      "@id": "CVE-2021-20631",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20632",
      "@id": "CVE-2021-20632",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20633",
      "@id": "CVE-2021-20633",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20634",
      "@id": "CVE-2021-20634",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20849",
      "@id": "CVE-2021-20849",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple vulnerabilities in Cybozu Office"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2021-20633

Vulnerability from cvelistv5

ghsa-9cgr-qjc2-p73m

Vulnerability from github

gsd-2021-20633

Vulnerability from gsd

cve-2021-20633

Vulnerability from jvndb

Tags

Sightings

Nomenclature