[Japanese]
|
JVNDB-2016-000023
|
Cybozu Office access restriction bypass vulnerability
|
Cybozu Office contains an access restriction bypass vulnerability in multiple functions.
|
CVSS V3 Severity: Base Metrics 5.4 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: Low
CVSS V2 Severity: Base Metrics 5.5 (Medium) [Vendor Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: Single Instance
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: Partial
|
|
Cybozu, Inc.
- Cybozu Office 9.9.0 to 10.3.0
|
|
A remote unauthenticated attacker may view the information about the groupware.
An authenticated attacker may obtain privileged information or may cause specific functions to become unusable.
|
[Update the Software]
Update to the latest version according to the information provided by the developer.
|
Cybozu, Inc.
|
- Permissions(CWE-264) [IPA Evaluation]
|
- CVE-2015-8484
- CVE-2015-8485
- CVE-2015-8486
- CVE-2016-1152
|
- JVN : JVN#48720230
- National Vulnerability Database (NVD) : CVE-2015-8484
- National Vulnerability Database (NVD) : CVE-2015-8485
- National Vulnerability Database (NVD) : CVE-2015-8486
- National Vulnerability Database (NVD) : CVE-2016-1152
|
- [2016/02/15]
Web page was published
[2016/02/23]
References : Contents were added
|