Refine your search
47 vulnerabilities found for Cybozu Office by Cybozu, Inc.
jvndb-2024-000079
Vulnerability from jvndb
Published
2024-08-06 14:59
Modified
2024-08-06 14:59
Severity ?
Summary
Cybozu Office vulnerable to bypass browsing restrictions in Custom App
Details
Cybozu Office provided by Cybozu, Inc. contains a vulnerability which allows to bypass browsing restrictions in Custom App (CWE-201).
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
References
| Type | URL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000079.html",
"dc:date": "2024-08-06T14:59+09:00",
"dcterms:issued": "2024-08-06T14:59+09:00",
"dcterms:modified": "2024-08-06T14:59+09:00",
"description": "Cybozu Office provided by Cybozu, Inc. contains a vulnerability which allows to bypass browsing restrictions in Custom App (CWE-201).\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000079.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000079",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN29845579/index.html",
"@id": "JVN#29845579",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-39817",
"@id": "CVE-2024-39817",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Cybozu Office vulnerable to bypass browsing restrictions in Custom App"
}
jvndb-2022-000054
Vulnerability from jvndb
Published
2022-07-20 17:28
Modified
2024-06-14 14:02
Severity ?
Summary
Multiple vulnerabilities in Cybozu Office
Details
Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
* [CyVDB-839][CyVDB-2300][CyVDB-3109] Browse restriction bypass vulnerability in Cabinet (CWE-284) - CVE-2022-32283
* [CyVDB-1795] Operation restriction bypass vulnerability in Project (CWE-285) - CVE-2022-32544
* [CyVDB-1800][CyVDB-2798][CyVDB-2927] Browse restriction bypass vulnerability in Custom App (CWE-284) - CVE-2022-29891
* [CyVDB-1849] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-33151
* [CyVDB-1851][CyVDB-1856][CyVDB-1873][CyVDB-1944][CyVDB-2173] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-28715
* [CyVDB-1859] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-30604
* [CyVDB-2030] HTTP header injection vulnerability (CWE-113) - CVE-2022-32453
* [CyVDB-2152][CyVDB-2153][CyVDB-2154][CyVDB-2155] Information disclosure vulnerability in the system configuration (CWE-200) - CVE-2022-30693
* [CyVDB-2693] Operation restriction bypass vulnerability in Scheduler (CWE-285) - CVE-2022-32583
* [CyVDB-2695][CyVDB-2819] Browse restriction bypass vulnerability in Scheduler (CWE-284) - CVE-2022-25986
* [CyVDB-2770] Browse restriction bypass vulnerability in Address Book (CWE-284) - CVE-2022-33311
* [CyVDB-2939] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-29487
CVE-2022-28715, CVE-2022-30604, CVE-2022-32453, CVE-2022-33151
Masato Kinugawa reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.
CVE-2022-29891, CVE-2022-32544, CVE-2022-32583
Yuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.
CVE-2022-30693
Kanta Nishitani of Ierae Security Inc. reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
CVE-2022-29487, CVE-2022-25986, CVE-2022-32283, CVE-2022-33311
Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000054.html",
"dc:date": "2024-06-14T14:02+09:00",
"dcterms:issued": "2022-07-20T17:28+09:00",
"dcterms:modified": "2024-06-14T14:02+09:00",
"description": "Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n\r\n* [CyVDB-839][CyVDB-2300][CyVDB-3109] Browse restriction bypass vulnerability in Cabinet (CWE-284) - CVE-2022-32283\r\n* [CyVDB-1795] Operation restriction bypass vulnerability in Project (CWE-285) - CVE-2022-32544\r\n* [CyVDB-1800][CyVDB-2798][CyVDB-2927] Browse restriction bypass vulnerability in Custom App (CWE-284) - CVE-2022-29891\r\n* [CyVDB-1849] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-33151\r\n* [CyVDB-1851][CyVDB-1856][CyVDB-1873][CyVDB-1944][CyVDB-2173] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-28715\r\n* [CyVDB-1859] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-30604\r\n* [CyVDB-2030] HTTP header injection vulnerability (CWE-113) - CVE-2022-32453\r\n* [CyVDB-2152][CyVDB-2153][CyVDB-2154][CyVDB-2155] Information disclosure vulnerability in the system configuration (CWE-200) - CVE-2022-30693\r\n* [CyVDB-2693] Operation restriction bypass vulnerability in Scheduler (CWE-285) - CVE-2022-32583\r\n* [CyVDB-2695][CyVDB-2819] Browse restriction bypass vulnerability in Scheduler (CWE-284) - CVE-2022-25986\r\n* [CyVDB-2770] Browse restriction bypass vulnerability in Address Book (CWE-284) - CVE-2022-33311\r\n* [CyVDB-2939] Cross-site scripting vulnerability in the specific parameters (CWE-79) - CVE-2022-29487\r\n\r\nCVE-2022-28715, CVE-2022-30604, CVE-2022-32453, CVE-2022-33151\r\nMasato Kinugawa reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2022-29891, CVE-2022-32544, CVE-2022-32583\r\nYuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2022-30693\r\nKanta Nishitani of Ierae Security Inc. reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nCVE-2022-29487, CVE-2022-25986, CVE-2022-32283, CVE-2022-33311\r\nCybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000054.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000054",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN20573662/index.html",
"@id": "JVN#20573662",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25986",
"@id": "CVE-2022-25986",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28715",
"@id": "CVE-2022-28715",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29487",
"@id": "CVE-2022-29487",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29891",
"@id": "CVE-2022-29891",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30604",
"@id": "CVE-2022-30604",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30693",
"@id": "CVE-2022-30693",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32283",
"@id": "CVE-2022-32283",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32453",
"@id": "CVE-2022-32453",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32544",
"@id": "CVE-2022-32544",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32583",
"@id": "CVE-2022-32583",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33151",
"@id": "CVE-2022-33151",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33311",
"@id": "CVE-2022-33311",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-25986",
"@id": "CVE-2022-25986",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-28715",
"@id": "CVE-2022-28715",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29487",
"@id": "CVE-2022-29487",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29891",
"@id": "CVE-2022-29891",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-30604",
"@id": "CVE-2022-30604",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-30693",
"@id": "CVE-2022-30693",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-32283",
"@id": "CVE-2022-32283",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-32453",
"@id": "CVE-2022-32453",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-32544",
"@id": "CVE-2022-32544",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-32583",
"@id": "CVE-2022-32583",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-33151",
"@id": "CVE-2022-33151",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-33311",
"@id": "CVE-2022-33311",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Multiple vulnerabilities in Cybozu Office"
}
jvndb-2021-000022
Vulnerability from jvndb
Published
2021-03-15 15:56
Modified
2021-12-17 17:51
Severity ?
Summary
Multiple vulnerabilities in Cybozu Office
Details
Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
*[CyVDB-1657] Operational restrictions bypass vulnerability in Scheduler (CWE-264) - CVE-2021-20624
*[CyVDB-1727] Operational restrictions bypass vulnerability in Bulletin Board (CWE-264) - CVE-2021-20625
*[CyVDB-1895][CyVDB-2658] Operational restrictions bypass vulnerability in Workflow (CWE-264) - CVE-2021-20626
*[CyVDB-1899] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20627
*[CyVDB-1924] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20628
*[CyVDB-2014] Cross-site scripting vulnerability in E-mail (CWE-79) - CVE-2021-20629
*[CyVDB-2018] Viewing restrictions bypass vulnerability in Phone Messages (CWE-264) - CVE-2021-20630
*[CyVDB-2063] Improper input validation vulnerability in Custom App (CWE-20) - CVE-2021-20631
*[CyVDB-2263] Viewing restrictions bypass vulnerability in Bulletin Board (CWE-264) - CVE-2021-20632
*[CyVDB-2310] Viewing restrictions bypass vulnerability in Cabinet (CWE-264) - CVE-2021-20633
*[CyVDB-2764] Viewing restrictions bypass vulnerability in Custom App (CWE-264) - CVE-2021-20634
*[CyVDB-1900] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20849
CVE-2021-20624, CVE-2021-20625 and CVE-2021-20629
Yuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.
CVE-2021-20627, CVE-2021-20628 and CVE-2021-20849
Kanta Nishitani of Ierae Security Inc. reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.
CVE-2021-20630 and CVE-2021-20631
Shuichi Uruma reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.
CVE-2021-20626, CVE-2021-20632, CVE-2021-20633 and CVE-2021-20634
Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.
References
| Type | URL | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000022.html",
"dc:date": "2021-12-17T17:51+09:00",
"dcterms:issued": "2021-03-15T15:56+09:00",
"dcterms:modified": "2021-12-17T17:51+09:00",
"description": "Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n\r\n*[CyVDB-1657] Operational restrictions bypass vulnerability in Scheduler (CWE-264) - CVE-2021-20624\r\n*[CyVDB-1727] Operational restrictions bypass vulnerability in Bulletin Board (CWE-264) - CVE-2021-20625\r\n*[CyVDB-1895][CyVDB-2658] Operational restrictions bypass vulnerability in Workflow (CWE-264) - CVE-2021-20626\r\n*[CyVDB-1899] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20627\r\n*[CyVDB-1924] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20628\r\n*[CyVDB-2014] Cross-site scripting vulnerability in E-mail (CWE-79) - CVE-2021-20629\r\n*[CyVDB-2018] Viewing restrictions bypass vulnerability in Phone Messages (CWE-264) - CVE-2021-20630\r\n*[CyVDB-2063] Improper input validation vulnerability in Custom App (CWE-20) - CVE-2021-20631\r\n*[CyVDB-2263] Viewing restrictions bypass vulnerability in Bulletin Board (CWE-264) - CVE-2021-20632\r\n*[CyVDB-2310] Viewing restrictions bypass vulnerability in Cabinet (CWE-264) - CVE-2021-20633\r\n*[CyVDB-2764] Viewing restrictions bypass vulnerability in Custom App (CWE-264) - CVE-2021-20634\r\n*[CyVDB-1900] Cross-site scripting vulnerability in Address Book (CWE-79) - CVE-2021-20849\r\n\r\nCVE-2021-20624, CVE-2021-20625 and CVE-2021-20629\r\nYuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20627, CVE-2021-20628 and CVE-2021-20849\r\nKanta Nishitani of Ierae Security Inc. reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20630 and CVE-2021-20631\r\nShuichi Uruma reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20626, CVE-2021-20632, CVE-2021-20633 and CVE-2021-20634\r\nCybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000022.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000022",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN45797538/index.html",
"@id": "JVN#45797538",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20624",
"@id": "CVE-2021-20624",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20625",
"@id": "CVE-2021-20625",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20626",
"@id": "CVE-2021-20626",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20627",
"@id": "CVE-2021-20627",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20628",
"@id": "CVE-2021-20628",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20629",
"@id": "CVE-2021-20629",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20630",
"@id": "CVE-2021-20630",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20631",
"@id": "CVE-2021-20631",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20632",
"@id": "CVE-2021-20632",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20633",
"@id": "CVE-2021-20633",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20634",
"@id": "CVE-2021-20634",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20849",
"@id": "CVE-2021-20849",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20624",
"@id": "CVE-2021-20624",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20625",
"@id": "CVE-2021-20625",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20626",
"@id": "CVE-2021-20626",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20627",
"@id": "CVE-2021-20627",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20628",
"@id": "CVE-2021-20628",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20629",
"@id": "CVE-2021-20629",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20630",
"@id": "CVE-2021-20630",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20631",
"@id": "CVE-2021-20631",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20632",
"@id": "CVE-2021-20632",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20633",
"@id": "CVE-2021-20633",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20634",
"@id": "CVE-2021-20634",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20849",
"@id": "CVE-2021-20849",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in Cybozu Office"
}
jvndb-2019-000076
Vulnerability from jvndb
Published
2019-12-17 13:55
Modified
2019-12-17 13:55
Severity ?
Summary
Multiple vulnerabilities in Cybozu Office
Details
Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
* Directory traversal in the "Customapp" function (CWE-22) - CVE-2019-6022
* Browse restriction bypass in the application "Address" (CWE-284) - CVE-2019-6023
Two vulnerabilities were reported by the following persons to Cybozu, Inc. directly, and Cybozu Inc. reported the vulnerabilities to JPCERT/CC to notify users of the solution through JVN.
CVE-2019-6022 by Shoji Baba
CVE-2019-6023 by Tanghaifeng
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000076.html",
"dc:date": "2019-12-17T13:55+09:00",
"dcterms:issued": "2019-12-17T13:55+09:00",
"dcterms:modified": "2019-12-17T13:55+09:00",
"description": "Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. \r\n* Directory traversal in the \"Customapp\" function (CWE-22) - CVE-2019-6022 \r\n\r\n* Browse restriction bypass in the application \"Address\" (CWE-284) - CVE-2019-6023 \r\n\r\nTwo vulnerabilities were reported by the following persons to Cybozu, Inc. directly, and Cybozu Inc. reported the vulnerabilities to JPCERT/CC to notify users of the solution through JVN.\r\n\r\n CVE-2019-6022 by Shoji Baba\r\n CVE-2019-6023 by Tanghaifeng",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000076.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "7.7",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000076",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN79854355/index.html",
"@id": "JVN#79854355",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6022",
"@id": "CVE-2019-6022",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6023",
"@id": "CVE-2019-6023",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6022",
"@id": "CVE-2019-6022",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6023",
"@id": "CVE-2019-6023",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Multiple vulnerabilities in Cybozu Office"
}
jvndb-2018-000120
Vulnerability from jvndb
Published
2018-11-14 15:38
Modified
2019-08-27 12:28
Severity ?
Summary
Multiple directory traversal vulnerabilities in Cybozu Office
Details
Cybozu Office provided by Cybozu, Inc. contains multiple directory traversal vulnerabilities below.
* Directory traversal vulnerability due to a flaw in processing parameter of the HTTP request (CWE-22) - CVE-2018-0703
* Directory traversal vulnerability due to a flaw in processing parameter when logging out Keitai Screen (CWE-22) - CVE-2018-0704
Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000120.html",
"dc:date": "2019-08-27T12:28+09:00",
"dcterms:issued": "2018-11-14T15:38+09:00",
"dcterms:modified": "2019-08-27T12:28+09:00",
"description": "Cybozu Office provided by Cybozu, Inc. contains multiple directory traversal vulnerabilities below.\r\n* Directory traversal vulnerability due to a flaw in processing parameter of the HTTP request (CWE-22) - CVE-2018-0703\r\n* Directory traversal vulnerability due to a flaw in processing parameter when logging out Keitai Screen (CWE-22) - CVE-2018-0704\r\n\r\nYuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000120.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"@version": "2.0"
},
{
"@score": "8.6",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000120",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN15232217/index.html",
"@id": "JVN#15232217",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0703",
"@id": "CVE-2018-0703",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0704",
"@id": "CVE-2018-0704",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0703",
"@id": "CVE-2018-0703",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0704",
"@id": "CVE-2018-0704",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "Multiple directory traversal vulnerabilities in Cybozu Office"
}
jvndb-2018-000053
Vulnerability from jvndb
Published
2018-05-22 14:30
Modified
2018-08-30 16:03
Severity ?
Summary
Multiple vulnerabilities in Cybozu Office
Details
Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
*Information disclosure in the application "Message" when viewing an external image (CWE-200) - CVE-2018-0526
*Stored cross-site scripting in "E-mail Details Screen" of the application "E-mail" (CWE-79) - CVE-2018-0527
*Browse restriction bypass in the application "Scheduler" (CWE-264) - CVE-2018-0528
*Denial-of-service (DoS) in the application "Message" due to a flaw in processing of an attached file (CWE-20) - CVE-2018-0529
*Reflected cross-site scripting in the application "MultiReport" (CWE-79) - CVE-2018-0565
*Browse restriction bypass in the application "Scheduler" (CWE-264) - CVE-2018-0566
*Operation restriction bypass in the application "Bulletin" (CWE-264) - CVE-2018-0567
Jun Kokatsu reported CVE-2018-0526 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
Masato Kinugawa reported CVE-2018-0527 and CVE-2018-0565 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
Cybozu, Inc. reported CVE-2018-0528, CVE-2018-0529 and CVE-2018-0566 vulnerabilities to JPCERT/CC to notify users of respective solutions through JVN.
Yuji Tounai reported CVE-2018-0567 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
References
| Type | URL | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000053.html",
"dc:date": "2018-08-30T16:03+09:00",
"dcterms:issued": "2018-05-22T14:30+09:00",
"dcterms:modified": "2018-08-30T16:03+09:00",
"description": "Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. \r\n\r\n*Information disclosure in the application \"Message\" when viewing an external image (CWE-200) - CVE-2018-0526\r\n*Stored cross-site scripting in \"E-mail Details Screen\" of the application \"E-mail\" (CWE-79) - CVE-2018-0527\r\n*Browse restriction bypass in the application \"Scheduler\" (CWE-264) - CVE-2018-0528\r\n*Denial-of-service (DoS) in the application \"Message\" due to a flaw in processing of an attached file (CWE-20) - CVE-2018-0529\r\n*Reflected cross-site scripting in the application \"MultiReport\" (CWE-79) - CVE-2018-0565\r\n*Browse restriction bypass in the application \"Scheduler\" (CWE-264) - CVE-2018-0566\t\r\n*Operation restriction bypass in the application \"Bulletin\" (CWE-264) - CVE-2018-0567\r\n\r\nJun Kokatsu reported CVE-2018-0526 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nMasato Kinugawa reported CVE-2018-0527 and CVE-2018-0565 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nCybozu, Inc. reported CVE-2018-0528, CVE-2018-0529 and CVE-2018-0566 vulnerabilities to JPCERT/CC to notify users of respective solutions through JVN.\r\n\r\nYuji Tounai reported CVE-2018-0567 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000053.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000053",
"sec:references": [
{
"#text": "https://jvn.jp/jp/JVN51737843/index.html",
"@id": "JVN#51737843",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0526",
"@id": "CVE-2018-0526",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0527",
"@id": "CVE-2018-0527",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0528",
"@id": "CVE-2018-0528",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0529",
"@id": "CVE-2018-0529",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0565",
"@id": "CVE-2018-0565",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0566",
"@id": "CVE-2018-0566",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0567",
"@id": "CVE-2018-0567",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0565",
"@id": "CVE-2018-0565",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0566",
"@id": "CVE-2018-0566",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0567",
"@id": "CVE-2018-0567",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0526",
"@id": "CVE-2018-0526",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0527",
"@id": "CVE-2018-0527",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0528",
"@id": "CVE-2018-0528",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0529",
"@id": "CVE-2018-0529",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in Cybozu Office"
}
jvndb-2017-000225
Vulnerability from jvndb
Published
2017-10-11 14:28
Modified
2018-03-07 12:21
Severity ?
Summary
Cybozu Office fails to restrict access permissions
Details
Cybozu Office fails to restrict access permissions.
Cybozu Office provided by Cybozu, Inc. fails to restrict access permissions (CWE-284) due to an issue in "Cabinet" function.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000225.html",
"dc:date": "2018-03-07T12:21+09:00",
"dcterms:issued": "2017-10-11T14:28+09:00",
"dcterms:modified": "2018-03-07T12:21+09:00",
"description": "Cybozu Office fails to restrict access permissions.\r\n\r\nCybozu Office provided by Cybozu, Inc. fails to restrict access permissions (CWE-284) due to an issue in \"Cabinet\" function.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000225.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000225",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN14658424/index.html",
"@id": "JVN#14658424",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10857",
"@id": "CVE-2017-10857",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10857",
"@id": "CVE-2017-10857",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Office fails to restrict access permissions"
}
jvndb-2017-000064
Vulnerability from jvndb
Published
2017-04-11 16:05
Modified
2017-06-01 11:30
Severity ?
Summary
Cybozu Office fails to restrict access permission in the file export function in "customapp"
Details
Cybozu Office contains an access restriction flaw in the file export function in "customapp".
Cybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000064.html",
"dc:date": "2017-06-01T11:30+09:00",
"dcterms:issued": "2017-04-11T16:05+09:00",
"dcterms:modified": "2017-06-01T11:30+09:00",
"description": "Cybozu Office contains an access restriction flaw in the file export function in \"customapp\".\r\n\r\nCybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000064.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000064",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN17535578/index.html",
"@id": "JVN#17535578",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2115",
"@id": "CVE-2017-2115",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2115",
"@id": "CVE-2017-2115",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Office fails to restrict access permission in the file export function in \"customapp\""
}
jvndb-2017-000065
Vulnerability from jvndb
Published
2017-04-11 16:05
Modified
2017-06-01 12:18
Severity ?
Summary
Cybozu Office fails to restrict access permission in the templates delete function in "customapp"
Details
Cybozu Office contains an access restriction flaw in the templates delete function in "customapp".
Cybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000065.html",
"dc:date": "2017-06-01T12:18+09:00",
"dcterms:issued": "2017-04-11T16:05+09:00",
"dcterms:modified": "2017-06-01T12:18+09:00",
"description": "Cybozu Office contains an access restriction flaw in the templates delete function in \"customapp\".\r\n\r\nCybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000065.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000065",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN17535578/index.html",
"@id": "JVN#17535578",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2116",
"@id": "CVE-2017-2116",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2116",
"@id": "CVE-2017-2116",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Office fails to restrict access permission in the templates delete function in \"customapp\""
}
jvndb-2017-000066
Vulnerability from jvndb
Published
2017-04-11 16:05
Modified
2017-04-11 16:05
Severity ?
Summary
The API in Cybozu Office vulnerable to denial-of-service (DoS)
Details
The API in Cybozu Office contains a denial-of-service (DoS) vulnerability.
Cybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000066.html",
"dc:date": "2017-04-11T16:05+09:00",
"dcterms:issued": "2017-04-11T16:05+09:00",
"dcterms:modified": "2017-04-11T16:05+09:00",
"description": "The API in Cybozu Office contains a denial-of-service (DoS) vulnerability.\r\n\r\nCybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000066.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"@version": "2.0"
},
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000066",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN17535578/index.html",
"@id": "JVN#17535578",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449",
"@id": "CVE-2016-4449",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4449",
"@id": "CVE-2016-4449",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "The API in Cybozu Office vulnerable to denial-of-service (DoS)"
}
jvndb-2017-000063
Vulnerability from jvndb
Published
2017-04-11 16:05
Modified
2017-06-01 11:30
Severity ?
Summary
The design setting screen in Cybozu Office vulnerable to cross-site scripting
Details
The design setting screen in Cybozu Office contains a cross-site scripting vulnerability.
Kazuto Sagamihara reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000063.html",
"dc:date": "2017-06-01T11:30+09:00",
"dcterms:issued": "2017-04-11T16:05+09:00",
"dcterms:modified": "2017-06-01T11:30+09:00",
"description": "The design setting screen in Cybozu Office contains a cross-site scripting vulnerability.\r\n\r\nKazuto Sagamihara reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000063.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000063",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN17535578/index.html",
"@id": "JVN#17535578",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2114",
"@id": "CVE-2017-2114",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2114",
"@id": "CVE-2017-2114",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "The design setting screen in Cybozu Office vulnerable to cross-site scripting"
}
jvndb-2016-000193
Vulnerability from jvndb
Published
2016-10-03 15:47
Modified
2017-04-24 15:10
Severity ?
Summary
Cybozu Office vulnerable to Reflected File Download (RFD)
Details
Cybozu Office contains a Reflected File Download (RFD) vulnerability.
Jun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000193.html",
"dc:date": "2017-04-24T15:10+09:00",
"dcterms:issued": "2016-10-03T15:47+09:00",
"dcterms:modified": "2017-04-24T15:10+09:00",
"description": "Cybozu Office contains a Reflected File Download (RFD) vulnerability.\r\n\r\nJun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000193.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000193",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN11288252/index.html",
"@id": "JVN#11288252",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4874",
"@id": "CVE-2016-4874",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4874",
"@id": "CVE-2016-4874",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Cybozu Office vulnerable to Reflected File Download (RFD)"
}
jvndb-2016-000192
Vulnerability from jvndb
Published
2016-10-03 15:46
Modified
2017-04-24 15:10
Severity ?
Summary
Cybozu Office vulnerable to denial-of-service (DoS)
Details
Cybozu Office contains a denial-of-service (DoS) vulnerability.
Shuichi Uruma reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000192.html",
"dc:date": "2017-04-24T15:10+09:00",
"dcterms:issued": "2016-10-03T15:46+09:00",
"dcterms:modified": "2017-04-24T15:10+09:00",
"description": "Cybozu Office contains a denial-of-service (DoS) vulnerability.\r\n\r\nShuichi Uruma reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000192.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"@version": "2.0"
},
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000192",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN10092452/index.html",
"@id": "JVN#10092452",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4871",
"@id": "CVE-2016-4871",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4871",
"@id": "CVE-2016-4871",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Cybozu Office vulnerable to denial-of-service (DoS)"
}
jvndb-2016-000187
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:05
Severity ?
Summary
"Project" function in Cybozu Office vulnerable vulnerable to access restriction bypass
Details
Cybozu Office provided by Cybozu,Inc. contains an access restriction bypass vulnerability in the "Project" function.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000187.html",
"dc:date": "2017-04-24T15:05+09:00",
"dcterms:issued": "2016-10-03T15:43+09:00",
"dcterms:modified": "2017-04-24T15:05+09:00",
"description": "Cybozu Office provided by Cybozu,Inc. contains an access restriction bypass vulnerability in the \"Project\" function.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000187.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000187",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN07148816/index.html",
"@id": "JVN#07148816",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4867",
"@id": "CVE-2016-4867",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4867",
"@id": "CVE-2016-4867",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "\"Project\" function in Cybozu Office vulnerable vulnerable to access restriction bypass"
}
jvndb-2016-000188
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:10
Severity ?
Summary
Breadcrumb trail in Cybozu Office vulnerable vulnerable to browse restriction bypass
Details
Cybozu Office provided by Cybozu,Inc. contains a browse restriction bypass vulnerability in the breadcrumb trail.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000188.html",
"dc:date": "2017-04-24T15:10+09:00",
"dcterms:issued": "2016-10-03T15:43+09:00",
"dcterms:modified": "2017-04-24T15:10+09:00",
"description": "Cybozu Office provided by Cybozu,Inc. contains a browse restriction bypass vulnerability in the breadcrumb trail.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000188.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000188",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN07148816/index.html",
"@id": "JVN#07148816",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4872",
"@id": "CVE-2016-4872",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4872",
"@id": "CVE-2016-4872",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Breadcrumb trail in Cybozu Office vulnerable vulnerable to browse restriction bypass"
}
jvndb-2016-000189
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:10
Severity ?
Summary
"Project" function in Cybozu Office vulnerable vulnerable to operation restriction bypass
Details
Cybozu Office provided by Cybozu,Inc. contains an operation restriction bypass vulnerability in the "Project" function.
Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000189.html",
"dc:date": "2017-04-24T15:10+09:00",
"dcterms:issued": "2016-10-03T15:43+09:00",
"dcterms:modified": "2017-04-24T15:10+09:00",
"description": "Cybozu Office provided by Cybozu,Inc. contains an operation restriction bypass vulnerability in the \"Project\" function.\r\n\r\nYuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000189.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000189",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN07148816/index.html",
"@id": "JVN#07148816",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4873",
"@id": "CVE-2016-4873",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4873",
"@id": "CVE-2016-4873",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "\"Project\" function in Cybozu Office vulnerable vulnerable to operation restriction bypass"
}
jvndb-2016-000184
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:05
Severity ?
Summary
"Customapp" function in Cybozu Office vulnerable to cross-site scripting
Details
Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html",
"dc:date": "2017-04-24T15:05+09:00",
"dcterms:issued": "2016-10-03T15:43+09:00",
"dcterms:modified": "2017-04-24T15:05+09:00",
"description": "Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000184",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN06726266/index.html",
"@id": "JVN#06726266",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4865",
"@id": "CVE-2016-4865",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4865",
"@id": "CVE-2016-4865",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "\"Customapp\" function in Cybozu Office vulnerable to cross-site scripting"
}
jvndb-2016-000185
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:05
Severity ?
Summary
"Project" function in Cybozu Office vulnerable to cross-site scripting
Details
Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability.
Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000185.html",
"dc:date": "2017-04-24T15:05+09:00",
"dcterms:issued": "2016-10-03T15:43+09:00",
"dcterms:modified": "2017-04-24T15:05+09:00",
"description": "Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability.\r\n\r\nYuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000185.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000185",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN06726266/index.html",
"@id": "JVN#06726266",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4866",
"@id": "CVE-2016-4866",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4866",
"@id": "CVE-2016-4866",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "\"Project\" function in Cybozu Office vulnerable to cross-site scripting"
}
jvndb-2016-000186
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:10
Severity ?
Summary
"Schedule" function in Cybozu Office vulnerable to cross-site scripting
Details
Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability.
Kusano Kazuhiko reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000186.html",
"dc:date": "2017-04-24T15:10+09:00",
"dcterms:issued": "2016-10-03T15:43+09:00",
"dcterms:modified": "2017-04-24T15:10+09:00",
"description": "Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability.\r\n\r\nKusano Kazuhiko reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000186.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000186",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN06726266/index.html",
"@id": "JVN#06726266",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4870",
"@id": "CVE-2016-4870",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4870",
"@id": "CVE-2016-4870",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "\"Schedule\" function in Cybozu Office vulnerable to cross-site scripting"
}
jvndb-2016-000191
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:05
Severity ?
Summary
Cybozu Office vulnerable to information disclosure
Details
Cybozu Office contains an information disclosure vulnerability in the page where CGI environment variables are displayed.
Cookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained in the page where CGI environment variables are displayed. Therefore, session information may be disclosed if the contents of this page is read in some way.
Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000191.html",
"dc:date": "2017-04-24T15:05+09:00",
"dcterms:issued": "2016-10-03T15:43+09:00",
"dcterms:modified": "2017-04-24T15:05+09:00",
"description": "Cybozu Office contains an information disclosure vulnerability in the page where CGI environment variables are displayed.\r\n\r\nCookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained in the page where CGI environment variables are displayed. Therefore, session information may be disclosed if the contents of this page is read in some way.\r\n\r\nMasato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000191.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000191",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN09736331/index.html",
"@id": "JVN#09736331",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4869",
"@id": "CVE-2016-4869",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4869",
"@id": "CVE-2016-4869",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Cybozu Office vulnerable to information disclosure"
}
jvndb-2016-000190
Vulnerability from jvndb
Published
2016-10-03 15:43
Modified
2017-04-24 15:05
Severity ?
Summary
Cybozu Office vulnerable to mail header injection
Details
Cybozu Office contains a mail header injection vulnerability in the process of sending emails.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html",
"dc:date": "2017-04-24T15:05+09:00",
"dcterms:issued": "2016-10-03T15:43+09:00",
"dcterms:modified": "2017-04-24T15:05+09:00",
"description": "Cybozu Office contains a mail header injection vulnerability in the process of sending emails.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000190",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN08736331/index.html",
"@id": "JVN#08736331",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4868",
"@id": "CVE-2016-4868",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4868",
"@id": "CVE-2016-4868",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Cybozu Office vulnerable to mail header injection"
}
jvndb-2016-000026
Vulnerability from jvndb
Published
2016-02-15 16:21
Modified
2016-06-06 15:00
Severity ?
Summary
Cybozu Office vulnerable to cross-site scripting
Details
Cybozu Office contains a cross-site scripting vulnerability (CWE-79) in multiple functions.
Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000026.html",
"dc:date": "2016-06-06T15:00+09:00",
"dcterms:issued": "2016-02-15T16:21+09:00",
"dcterms:modified": "2016-06-06T15:00+09:00",
"description": "Cybozu Office contains a cross-site scripting vulnerability (CWE-79) in multiple functions.\r\n\r\nMasato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000026.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000026",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN69278491/index.html",
"@id": "JVN#69278491",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7795",
"@id": "CVE-2015-7795",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7796",
"@id": "CVE-2015-7796",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7797",
"@id": "CVE-2015-7797",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7798",
"@id": "CVE-2015-7798",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1149",
"@id": "CVE-2016-1149",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1150",
"@id": "CVE-2016-1150",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7795",
"@id": "CVE-2015-7795",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7796",
"@id": "CVE-2015-7796",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7797",
"@id": "CVE-2015-7797",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7798",
"@id": "CVE-2015-7798",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1149",
"@id": "CVE-2016-1149",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1150",
"@id": "CVE-2016-1150",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cybozu Office vulnerable to cross-site scripting"
}
jvndb-2016-000024
Vulnerability from jvndb
Published
2016-02-15 16:20
Modified
2016-02-23 16:32
Severity ?
Summary
Cybozu Office vulnerable to cross-site request forgery
Details
Cybozu Office contains a cross-site request forgery vulnerability (CWE-352) in multiple functions.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000024.html",
"dc:date": "2016-02-23T16:32+09:00",
"dcterms:issued": "2016-02-15T16:20+09:00",
"dcterms:modified": "2016-02-23T16:32+09:00",
"description": "Cybozu Office contains a cross-site request forgery vulnerability (CWE-352) in multiple functions.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000024.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000024",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN64209269/index.html",
"@id": "JVN#64209269",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1151",
"@id": "CVE-2016-1151",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1151",
"@id": "CVE-2016-1151",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Cybozu Office vulnerable to cross-site request forgery"
}
jvndb-2016-000025
Vulnerability from jvndb
Published
2016-02-15 16:20
Modified
2016-02-23 16:32
Severity ?
Summary
Cybozu Office vulnerable to open redirect
Details
Cybozu Office contains an open redirect vulnerability in network functions.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000025.html",
"dc:date": "2016-02-23T16:32+09:00",
"dcterms:issued": "2016-02-15T16:20+09:00",
"dcterms:modified": "2016-02-23T16:32+09:00",
"description": "Cybozu Office contains an open redirect vulnerability in network functions.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000025.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000025",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN71428831/index.html",
"@id": "JVN#71428831",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8483",
"@id": "CVE-2015-8483",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8483",
"@id": "CVE-2015-8483",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Cybozu Office vulnerable to open redirect"
}
jvndb-2016-000023
Vulnerability from jvndb
Published
2016-02-15 15:45
Modified
2016-02-23 16:32
Severity ?
Summary
Cybozu Office access restriction bypass vulnerability
Details
Cybozu Office contains an access restriction bypass vulnerability in multiple functions.
References
| Type | URL | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000023.html",
"dc:date": "2016-02-23T16:32+09:00",
"dcterms:issued": "2016-02-15T15:45+09:00",
"dcterms:modified": "2016-02-23T16:32+09:00",
"description": "Cybozu Office contains an access restriction bypass vulnerability in multiple functions.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000023.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000023",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN48720230/index.html",
"@id": "JVN#48720230",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8484",
"@id": "CVE-2015-8484",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8485",
"@id": "CVE-2015-8485",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8486",
"@id": "CVE-2015-8486",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1152",
"@id": "CVE-2016-1152",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8484",
"@id": "CVE-2015-8484",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8485",
"@id": "CVE-2015-8485",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8486",
"@id": "CVE-2015-8486",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1152",
"@id": "CVE-2016-1152",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Office access restriction bypass vulnerability"
}
jvndb-2016-000021
Vulnerability from jvndb
Published
2016-02-15 15:44
Modified
2016-02-23 16:32
Severity ?
Summary
Cybozu Office vulnerable to information disclosure
Details
Cybozu Office contains an information disclosure vulnerability in the mail function.
Note that this vulnerability is different from JVN#47296923.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000021.html",
"dc:date": "2016-02-23T16:32+09:00",
"dcterms:issued": "2016-02-15T15:44+09:00",
"dcterms:modified": "2016-02-23T16:32+09:00",
"description": "Cybozu Office contains an information disclosure vulnerability in the mail function.\r\n\r\nNote that this vulnerability is different from JVN#47296923.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000021.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000021",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN28042424/index.html",
"@id": "JVN#28042424",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8488",
"@id": "CVE-2015-8488",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8488",
"@id": "CVE-2015-8488",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Office vulnerable to information disclosure"
}
jvndb-2016-000022
Vulnerability from jvndb
Published
2016-02-15 15:44
Modified
2016-02-23 16:32
Severity ?
Summary
Cybozu Office vulnerable to information disclosure
Details
Cybozu Office contains an information disclosure vulnerability.
Note that this vulnerability is different from JVN#28042424.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000022.html",
"dc:date": "2016-02-23T16:32+09:00",
"dcterms:issued": "2016-02-15T15:44+09:00",
"dcterms:modified": "2016-02-23T16:32+09:00",
"description": "Cybozu Office contains an information disclosure vulnerability.\r\n\r\nNote that this vulnerability is different from JVN#28042424.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000022.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000022",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN47296923/index.html",
"@id": "JVN#47296923",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8487",
"@id": "CVE-2015-8487",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8487",
"@id": "CVE-2015-8487",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Cybozu Office vulnerable to information disclosure"
}
jvndb-2016-000020
Vulnerability from jvndb
Published
2016-02-15 15:43
Modified
2016-02-23 16:32
Severity ?
Summary
Cybozu Office vulnerable to denial-of-service (DoS)
Details
Cybozu Office contains a denial-of-service (DoS) vulnerability due to an issue in "customapp".
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000020.html",
"dc:date": "2016-02-23T16:32+09:00",
"dcterms:issued": "2016-02-15T15:43+09:00",
"dcterms:modified": "2016-02-23T16:32+09:00",
"description": "Cybozu Office contains a denial-of-service (DoS) vulnerability due to an issue in \"customapp\".",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000020.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"@version": "2.0"
},
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000020",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN20246313/index.html",
"@id": "JVN#20246313",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8489",
"@id": "CVE-2015-8489",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1153",
"@id": "CVE-2016-1153",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8489",
"@id": "CVE-2015-8489",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1153",
"@id": "CVE-2016-1153",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Cybozu Office vulnerable to denial-of-service (DoS)"
}
jvndb-2014-000130
Vulnerability from jvndb
Published
2014-11-11 13:36
Modified
2014-11-25 17:52
Summary
Multiple Cybozu products vulnerable to buffer overflow
Details
Multiple products provided by Cybozu, Inc. contain a buffer overflow vulnerability (CWE-119).
Masaaki Chida of GREE, Inc. reported this vulnerability to the developer.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000130.html",
"dc:date": "2014-11-25T17:52+09:00",
"dcterms:issued": "2014-11-11T13:36+09:00",
"dcterms:modified": "2014-11-25T17:52+09:00",
"description": "Multiple products provided by Cybozu, Inc. contain a buffer overflow vulnerability (CWE-119).\r\n\r\nMasaaki Chida of GREE, Inc. reported this vulnerability to the developer.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000130.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:dezie",
"@product": "Cybozu Dezie",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:mailwise",
"@product": "Cybozu Mailwise",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.0",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000130",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN14691234/index.html",
"@id": "JVN#14691234",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5314",
"@id": "CVE-2014-5314",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5314",
"@id": "CVE-2014-5314",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/ciadr/vul/20141111-jvn.html",
"@id": "Security Alert for Multiple Cybozu products vulnerable to buffer overflow (JVN#14691234)",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Multiple Cybozu products vulnerable to buffer overflow"
}
jvndb-2013-000118
Vulnerability from jvndb
Published
2013-12-10 14:13
Modified
2013-12-18 14:51
Summary
Cybozu Dezie vulnerable to cross-site scripting
Details
Cybozu Dezie provided by Cybozu, Inc. contains a cross-site scripting vulnerability.
Ken Asai reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000118.html",
"dc:date": "2013-12-18T14:51+09:00",
"dcterms:issued": "2013-12-10T14:13+09:00",
"dcterms:modified": "2013-12-18T14:51+09:00",
"description": "Cybozu Dezie provided by Cybozu, Inc. contains a cross-site scripting vulnerability.\r\n\r\nKen Asai reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000118.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:dezie",
"@product": "Cybozu Dezie",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000118",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN21336955/index.html",
"@id": "JVN#21336955",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6005",
"@id": "CVE-2013-6005",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6005",
"@id": "CVE-2013-6005",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cybozu Dezie vulnerable to cross-site scripting"
}