[Japanese]

JVNDB-2006-000649

Cybozu Office 6 information disclosure vulnerability

Overview

A vulnerability exists in Cybozu Office 6 allowing the disclosure of registered users or groups information.

Cybozu Office 6 provides several login methods. One of the methods, meant to be used in the Internet, allows direct entry of a username. However, even when this method is used, information of registered users and groups could be obtained by an attacker.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


Cybozu, Inc.
  • Cybozu AG
  • Cybozu AG Pocket
  • Cybozu Office Office 6.5(1.2)
  • Cybozu Share360
  • Cybozu Garoon

Impact

A remote attacker could obtain information on registered users and groups.
Solution

Vendor Information

Cybozu, Inc.
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2006-4492
References

  1. JVN : JVN#31125599
  2. National Vulnerability Database (NVD) : CVE-2006-4492
  3. Secunia Advisory : SA21623
  4. OPEN SOURCE VULNERABILITY DATABASE (OSVDB) : 28263
Revision History

  • [2008/05/21]
      Web page published