JVNDB-2016-000020

[Japanese]
JVNDB-2016-000020
Cybozu Office vulnerable to denial-of-service (DoS)
Overview
Cybozu Office contains a denial-of-service (DoS) vulnerability due to an issue in "customapp".
CVSS Severity (What is CVSS?)
CVSS V3 Severity: Base Metrics 6.5 (Medium) [IPA Score] Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality Impact: None Integrity Impact: None Availability Impact: High CVSS V2 Severity: Base Metrics 6.8 (Medium) [Vendor Score] Access Vector: Network Access Complexity: Low Authentication: Single Instance Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
Affected Products

Cybozu, Inc. Cybozu Office 9.9.0 to 10.3.0

Impact
An authenticated attacker may cause a denial-of-service (DoS) condition which all users can not use the system.
Solution
[Update the Software] Update to the latest version according to the information provided by the developer.
Vendor Information
Cybozu, Inc. Cybozu : Cybozu, Inc. website (CyVDB-917) (in Japanese) Cybozu : Cybozu, Inc. website (CyVDB-935) (in Japanese)
CWE (What is CWE?)
Improper Input Validation(CWE-20) [IPA Evaluation]
CVE (What is CVE?)
CVE-2015-8489 CVE-2016-1153
References
JVN : JVN#20246313 National Vulnerability Database (NVD) : CVE-2015-8489 National Vulnerability Database (NVD) : CVE-2016-1153
Revision History
[2016/02/15] Web page was published [2016/02/23] References : Contents were added

Cybozu Office vulnerable to denial-of-service (DoS)