Lucene search

JpcertCVE-2011-2677

HistoryOct 21, 2011 - 6:55 p.m.

CVE-2011-2677

2011-10-2118:55:00

CWE-264

jpcert

web.nvd.nist.gov

cybozu office

cve-2011-2677

access restriction

url manipulation

information security

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

AI Score

Confidence

Low

EPSS

0.005

Percentile

75.8%

JSON

Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to manipulation of a URL.

Affected configurations

Nvd

Node

cybozuofficeRange≤7

cybozuofficeMatch6

VendorProductVersionCPE
cybozuoffice*cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*
cybozuoffice6cpe:2.3:a:cybozu:office:6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cybozu	office	*	cpe:2.3:a:cybozu:office::::::::
cybozu	office	6	cpe:2.3:a:cybozu:office:6:::::::*

References

cs.cybozu.co.jp/information/20111005notice01.php

jvn.jp/en/jp/JVN84838479/index.html

jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000079.html

osvdb.org/76124

secunia.com/advisories/46321

www.securityfocus.com/bid/50015

exchange.xforce.ibmcloud.com/vulnerabilities/70411

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

AI Score

Confidence

Low

EPSS

0.005

Percentile

75.8%

JSON

Related for CVE-2011-2677