[Japanese]

JVNDB-2006-000650

Cybozu products vulnerable to directory traversal

Overview

Multiple Cybozu products contain a directory traversal vulnerability.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single Instance
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


Cybozu, Inc.
  • Cybozu Office 6.6(1.2) and earlier
  • Cybozu Share360 2.5(0.2) and earlier

Impact

A remote authenticated attacker could read an arbitrary file on the server. The files that can be viewed by an attacker depend on the environment where the Cybozu products are installed.
Solution

Vendor Information

Cybozu, Inc.
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2006-4490
References

  1. JVN : JVN#90420168
  2. National Vulnerability Database (NVD) : CVE-2006-4490
  3. Secunia Advisory : SA21623
  4. ISS X-Force Database : 28591
  5. SecurityTracker : 1016759
  6. OPEN SOURCE VULNERABILITY DATABASE (OSVDB) : 28261
  7. OPEN SOURCE VULNERABILITY DATABASE (OSVDB) : 28262
Revision History

  • [2008/05/21]
      Web page published