jvndb-2010-000016
Vulnerability from jvndb
Published
2010-04-21 17:27
Modified
2010-04-21 17:27
Severity
() - -
Summary
Multiple Cybozu products vulnerable to authentication bypass
Details
Multiple Cybozu products contain an authentication bypass vulnerability. Multiple Cybozu products contain an issue in which the login page for mobile devices is not properly restrcited, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of a Cybozu product.
References
TypeURL
JVN http://jvn.jp/en/jp/JVN87730223/index.html
CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2029
NVD http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2029
IPA SECURITY ALERTS http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html
SECUNIA http://secunia.com/advisories/39508
XF http://xforce.iss.net/xforce/xfdb/57976
OSVDB http://www.osvdb.org/63933
Permissions(CWE-264) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
VendorProduct
Cybozu, Inc.Cybozu Dotsales
Cybozu, Inc.Cybozu Office
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000016.html",
  "dc:date": "2010-04-21T17:27+09:00",
  "dcterms:issued": "2010-04-21T17:27+09:00",
  "dcterms:modified": "2010-04-21T17:27+09:00",
  "description": "Multiple Cybozu products contain an authentication bypass vulnerability.\r\n\r\nMultiple Cybozu products contain an issue in which the login page for mobile devices is not properly restrcited, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of a Cybozu product.",
  "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000016.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:dotsales",
      "@product": "Cybozu Dotsales",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:office",
      "@product": "Cybozu Office",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.8",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2010-000016",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN87730223/index.html",
      "@id": "JVN#87730223",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2029",
      "@id": "CVE-2010-2029",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2029",
      "@id": "CVE-2010-2029",
      "@source": "NVD"
    },
    {
      "#text": "http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html",
      "@id": "Security Alert for Vulnerability in Multiple Cybozu Products",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "http://secunia.com/advisories/39508",
      "@id": "SA39508",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/57976",
      "@id": "57976",
      "@source": "XF"
    },
    {
      "#text": "http://www.osvdb.org/63933",
      "@id": "63933",
      "@source": "OSVDB"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Multiple Cybozu products vulnerable to authentication bypass"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.