JVNDB-2010-000016
|
Multiple Cybozu products vulnerable to authentication bypass
|
Multiple Cybozu products contain an authentication bypass vulnerability.
Multiple Cybozu products contain an issue in which the login page for mobile devices is not properly restricted, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of a Cybozu product.
|
CVSS V2 Severity: Base Metrics 5.8 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: None
|
|
Cybozu, Inc.
- Cybozu Office 7 Ktai
- Cybozu Dotsales
|
|
A remote attacker may view or modify information stored by the product.
|
[Apply IP address restriction]
Using one of the following methods, restrict access to mobile device IP addresses only:
* Apply the restriction settings on the server on which the product is installed
* Use "Cybozu Remote Service" available from the developer
[Update the Software]
Update to the latest version according to the information provided by the developer.
|
Cybozu, Inc.
|
- Permissions(CWE-264) [IPA Evaluation]
|
- CVE-2010-2029
|
- JVN : JVN#87730223
- National Vulnerability Database (NVD) : CVE-2010-2029
- IPA SECURITY ALERTS : Security Alert for Vulnerability in Multiple Cybozu Products
- Secunia Advisory : SA39508
- ISS X-Force Database : 57976
- OPEN SOURCE VULNERABILITY DATABASE (OSVDB) : 63933
|
- [2010/04/21]
Web page published
|