JVNDB-2016-000023

[Japanese]
JVNDB-2016-000023
Cybozu Office access restriction bypass vulnerability
Overview
Cybozu Office contains an access restriction bypass vulnerability in multiple functions.
CVSS Severity (What is CVSS?)
CVSS V3 Severity: Base Metrics 5.4 (Medium) [IPA Score] Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality Impact: Low Integrity Impact: None Availability Impact: Low CVSS V2 Severity: Base Metrics 5.5 (Medium) [Vendor Score] Access Vector: Network Access Complexity: Low Authentication: Single Instance Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial
Affected Products

Cybozu, Inc. Cybozu Office 9.9.0 to 10.3.0

Impact
A remote unauthenticated attacker may view the information about the groupware. An authenticated attacker may obtain privileged information or may cause specific functions to become unusable.
Solution
[Update the Software] Update to the latest version according to the information provided by the developer.
Vendor Information
Cybozu, Inc. Cybozu : Cybozu, Inc. website (CyVDB-745) (in Japanese) Cybozu : Cybozu, Inc. website (CyVDB-940) (in Japanese) Cybozu : Cybozu, Inc. website (CyVDB-941) (in Japanese) Cybozu : Cybozu, Inc. website (CyVDB-978) (in Japanese)
CWE (What is CWE?)
Permissions(CWE-264) [IPA Evaluation]
CVE (What is CVE?)
CVE-2015-8484 CVE-2015-8485 CVE-2015-8486 CVE-2016-1152
References
JVN : JVN#48720230 National Vulnerability Database (NVD) : CVE-2015-8484 National Vulnerability Database (NVD) : CVE-2015-8485 National Vulnerability Database (NVD) : CVE-2015-8486 National Vulnerability Database (NVD) : CVE-2016-1152
Revision History
[2016/02/15] Web page was published [2016/02/23] References : Contents were added


Date Public	2016/02/15
Date First Published	2016/02/15
Date Last Updated	2016/02/23

Cybozu Office access restriction bypass vulnerability