[Japanese]

JVNDB-2021-000088

Multiple vulnerabilities in Cybozu Remote Service

Overview

Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below.

* [CyVDB-525] Cross-site request forgery vulnerability in the management screen (CWE-352) - CVE-2021-20795
* [CyVDB-1742] Path traversal vulnerability in the management screen (CWE-22) - CVE-2021-20796
* [CyVDB-1806] Cross-site script inclusion vulnerability in the management screen (CWE-829) - CVE-2021-20797
* [CyVDB-1808] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20798
* [CyVDB-1809] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20799
* [CyVDB-1810] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20800
* [CyVDB-1811] XML external entity injection (XXE) vulnerability (CWE-611) - CVE-2021-20801
* [CyVDB-1814] HTTP header injection vulnerability (CWE-113) - CVE-2021-20802
* [CyVDB-1820] Operation restriction bypass in the management screen (CWE-264) - CVE-2021-20803
* [CyVDB-1830] Denial-of-service (DoS) vulnerability (CWE-400) - CVE-2021-20804
* [CyVDB-1862] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20805
* [CyVDB-1968] Open redirect vulnerability (CWE-601) - CVE-2021-20806
* [CyVDB-2028] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20807

CVE-2021-20795
Masaaki Chida reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solution through JVN.

CVE-2021-20796, CVE-2021-20807
Toshitsugu Yoneyama(Mitsui Bussan Secure Directions, Inc.) reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.

CVE-2021-20805
Yuji Tounai reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solution through JVN.

CVE-2021-20806
Kanta Nishitani of Ierae Security Inc. reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solution through JVN.

CVE-2021-20797, CVE-2021-20798, CVE-2021-20799, CVE-2021-20800, CVE-2021-20801, CVE-2021-20802, CVE-2021-20803, CVE-2021-20804
Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 5.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 6.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: Single Instance
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Complete
The above CVSS base scores have been assigned for CVE-2021-20804


CVSS V3 Severity:
Base Metrics 6.5 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: High
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2021- 20795


CVSS V3 Severity:
Base Metrics 4.2 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: Low
CVSS V2 Severity:
Base Metrics 4.9 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: Single
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2021-20796


CVSS V3 Severity:
Base Metrics 5.4 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 2.1 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: Single
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2021-20797


CVSS V3 Severity:
Base Metrics 5.4 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 3.5 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: Single
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2021-20798


CVSS V3 Severity:
Base Metrics 5.4 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 3.5 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: Single
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2021-20799


CVSS V3 Severity:
Base Metrics 5.4 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 3.5 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: Single
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2021-20800


CVSS V3 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 4.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2021-20801


CVSS V3 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2021-20802


CVSS V3 Severity:
Base Metrics 5.4 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: Low
CVSS V2 Severity:
Base Metrics 5.5 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2021-20803


CVSS V3 Severity:
Base Metrics 5.4 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 3.5 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: Single
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2021-20805


CVSS V3 Severity:
Base Metrics 3.4 (Low) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2021-20806


CVSS V3 Severity:
Base Metrics 6.1 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2021-20807
Affected Products


Cybozu, Inc.
  • Remote Service 3.1.8 to 3.1.9(CVE-2021-20795,CVE-2021-20798,CVE-2021-20799,CVE-2021-20801,CVE-2021-20802,CVE-2021-20803,CVE-2021-20804)
  • Remote Service 3.1.8(CVE-2021-20796,CVE-2021-20797,CVE-2021-20800)
  • Remote Service 3.1.7 to 3.1.9(CVE-2021-20805)
  • Remote Service 3.0.0 to 3.1.9(CVE-2021-20806,CVE-2021-20807)

Impact

* [CyVDB-525]:
If a user views a malicious page while logged in, unintended operations may be performed.
* [CyVDB-1742]:
A user who can log in to the product may upload an arbitrary file.
* [CyVDB-1806], [CyVDB-1811]:
A user who can log in to the product may obtain the information stored in the product. Note that [CyVDB-1806] issue only occurs when using Mozilla firefox.
* [CyVDB-1808], [CyVDB-1809], [CyVDB-1810], [CyVDB-1862], [CyVDB-2028]:
An arbitrary script may be executed on a logged-in user's web browser.
* [CyVDB-1814]:
A remote attacker may alter the information stored in the product.
* [CyVDB-1820]:
A user who can log in to the product may alter the data of the management screen.
* [CyVDB-1830]:
A user who can log in to the product may be able to cause a denial-of-service (DoS) condition.
* [CyVDB-1968]:
When accessing a specially crafted URL, the user may be redirected to an arbitrary website.
Solution

[Update the Software]
Update to the latest version according to the information provided by the developer.
Vendor Information

Cybozu, Inc.
CWE (What is CWE?)

  1. Path Traversal(CWE-22) [IPA Evaluation]
  2. Permissions(CWE-264) [IPA Evaluation]
  3. Cross-Site Request Forgery(CWE-352) [IPA Evaluation]
  4. Uncontrolled Resource Consumption ('Resource Exhaustion')(CWE-400) [IPA Evaluation]
  5. Cross-site Scripting(CWE-79) [IPA Evaluation]
  6. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2021-20795
  2. CVE-2021-20796
  3. CVE-2021-20797
  4. CVE-2021-20798
  5. CVE-2021-20799
  6. CVE-2021-20800
  7. CVE-2021-20801
  8. CVE-2021-20802
  9. CVE-2021-20803
  10. CVE-2021-20804
  11. CVE-2021-20805
  12. CVE-2021-20806
  13. CVE-2021-20807
References

  1. JVN : JVN#52694228
Revision History

  • [2021/09/30]
      Web page was published