jvndb - jvndb-2016-000190

jvndb-2016-000190

Vulnerability from jvndb

Published

2016-10-03 15:43

Modified

2017-04-24 15:05

Severity

4.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

Cybozu Office vulnerable to mail header injection

Details

Cybozu Office contains a mail header injection vulnerability in the process of sending emails. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.

References

Type	URL
JVN	https://jvn.jp/en/jp/JVN08736331/index.html
CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4868
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-4868
Improper Input Validation(CWE-20)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor	Product
Cybozu, Inc.	Cybozu Office

Show details on JVN DB website

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html",
  "dc:date": "2017-04-24T15:05+09:00",
  "dcterms:issued": "2016-10-03T15:43+09:00",
  "dcterms:modified": "2017-04-24T15:05+09:00",
  "description": "Cybozu Office contains a mail header injection vulnerability in the process of sending emails.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:office",
    "@product": "Cybozu Office",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "2.6",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000190",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN08736331/index.html",
      "@id": "JVN#08736331",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4868",
      "@id": "CVE-2016-4868",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4868",
      "@id": "CVE-2016-4868",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    }
  ],
  "title": "Cybozu Office vulnerable to mail header injection"
}

cve-2016-4868

Vulnerability from cvelistv5

Published

2017-04-17 15:00

Modified

2024-08-06 00:46

Severity

Summary

Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.

References

URL	Tags
https://support.cybozu.com/ja-jp/article/9433	x_refsource_CONFIRM
http://www.securityfocus.com/bid/97713	vdb-entry, x_refsource_BID
http://jvn.jp/en/jp/JVN08736331/index.html	third-party-advisory, x_refsource_JVN
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html	third-party-advisory, x_refsource_JVNDB

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:46:38.547Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/9433"
          },
          {
            "name": "97713",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97713"
          },
          {
            "name": "JVN#08736331",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN08736331/index.html"
          },
          {
            "name": "JVNDB-2016-000190",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-22T15:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/9433"
        },
        {
          "name": "97713",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97713"
        },
        {
          "name": "JVN#08736331",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN08736331/index.html"
        },
        {
          "name": "JVNDB-2016-000190",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2016-4868",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.cybozu.com/ja-jp/article/9433",
              "refsource": "CONFIRM",
              "url": "https://support.cybozu.com/ja-jp/article/9433"
            },
            {
              "name": "97713",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97713"
            },
            {
              "name": "JVN#08736331",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN08736331/index.html"
            },
            {
              "name": "JVNDB-2016-000190",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2016-4868",
    "datePublished": "2017-04-17T15:00:00",
    "dateReserved": "2016-05-17T00:00:00",
    "dateUpdated": "2024-08-06T00:46:38.547Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.