jvndb-2010-000016
Vulnerability from jvndb
Published
2010-04-21 17:27
Modified
2010-04-21 17:27
Severity ?
() - -
Summary
Multiple Cybozu products vulnerable to authentication bypass
Details
Multiple Cybozu products contain an authentication bypass vulnerability. Multiple Cybozu products contain an issue in which the login page for mobile devices is not properly restrcited, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of a Cybozu product.
References
JVN http://jvn.jp/en/jp/JVN87730223/index.html
CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2029
NVD http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2029
IPA SECURITY ALERTS http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html
SECUNIA http://secunia.com/advisories/39508
XF http://xforce.iss.net/xforce/xfdb/57976
OSVDB http://www.osvdb.org/63933
Permissions(CWE-264) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
Cybozu, Inc.Cybozu Dotsales
Cybozu, Inc.Cybozu Office
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000016.html",
  "dc:date": "2010-04-21T17:27+09:00",
  "dcterms:issued": "2010-04-21T17:27+09:00",
  "dcterms:modified": "2010-04-21T17:27+09:00",
  "description": "Multiple Cybozu products contain an authentication bypass vulnerability.\r\n\r\nMultiple Cybozu products contain an issue in which the login page for mobile devices is not properly restrcited, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of a Cybozu product.",
  "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000016.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:dotsales",
      "@product": "Cybozu Dotsales",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:office",
      "@product": "Cybozu Office",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.8",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2010-000016",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN87730223/index.html",
      "@id": "JVN#87730223",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2029",
      "@id": "CVE-2010-2029",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2029",
      "@id": "CVE-2010-2029",
      "@source": "NVD"
    },
    {
      "#text": "http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html",
      "@id": "Security Alert for Vulnerability in Multiple Cybozu Products",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "http://secunia.com/advisories/39508",
      "@id": "SA39508",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/57976",
      "@id": "57976",
      "@source": "XF"
    },
    {
      "#text": "http://www.osvdb.org/63933",
      "@id": "63933",
      "@source": "OSVDB"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Multiple Cybozu products vulnerable to authentication bypass"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.