Lucene search

JpcertCVE-2016-7815

HistoryApr 28, 2017 - 4:59 p.m.

CVE-2016-7815

2017-04-2816:59:00

CWE-295

jpcert

web.nvd.nist.gov

cve-2016-7815

remote service manager

security vulnerability

unauthorized access

nvd

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

CVSS3

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

45.3%

JSON

Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.

Affected configurations

Nvd

Vulners

Node

cybozuremote_service_managerMatch3.0.0

cybozuremote_service_managerMatch3.0.1

cybozuremote_service_managerMatch3.1.0

cybozuremote_service_managerMatch3.1.1

cybozuremote_service_managerMatch3.1.2

cybozuremote_service_managerMatch3.1.3

cybozuremote_service_managerMatch3.1.4

VendorProductVersionCPE
cybozuremote_service_manager3.0.0cpe:2.3:a:cybozu:remote_service_manager:3.0.0:*:*:*:*:*:*:*
cybozuremote_service_manager3.0.1cpe:2.3:a:cybozu:remote_service_manager:3.0.1:*:*:*:*:*:*:*
cybozuremote_service_manager3.1.0cpe:2.3:a:cybozu:remote_service_manager:3.1.0:*:*:*:*:*:*:*
cybozuremote_service_manager3.1.1cpe:2.3:a:cybozu:remote_service_manager:3.1.1:*:*:*:*:*:*:*
cybozuremote_service_manager3.1.2cpe:2.3:a:cybozu:remote_service_manager:3.1.2:*:*:*:*:*:*:*
cybozuremote_service_manager3.1.3cpe:2.3:a:cybozu:remote_service_manager:3.1.3:*:*:*:*:*:*:*
cybozuremote_service_manager3.1.4cpe:2.3:a:cybozu:remote_service_manager:3.1.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cybozu	remote_service_manager	3.0.0	cpe:2.3:a:cybozu:remote_service_manager:3.0.0:::::::*
cybozu	remote_service_manager	3.0.1	cpe:2.3:a:cybozu:remote_service_manager:3.0.1:::::::*
cybozu	remote_service_manager	3.1.0	cpe:2.3:a:cybozu:remote_service_manager:3.1.0:::::::*
cybozu	remote_service_manager	3.1.1	cpe:2.3:a:cybozu:remote_service_manager:3.1.1:::::::*
cybozu	remote_service_manager	3.1.2	cpe:2.3:a:cybozu:remote_service_manager:3.1.2:::::::*
cybozu	remote_service_manager	3.1.3	cpe:2.3:a:cybozu:remote_service_manager:3.1.3:::::::*
cybozu	remote_service_manager	3.1.4	cpe:2.3:a:cybozu:remote_service_manager:3.1.4:::::::*

CNA Affected

[
  {
    "product": "Remote Service Manager",
    "vendor": "Cybozu, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "3.0.0 to 3.1.4"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN19241292/index.html

www.securityfocus.com/bid/95379

support.cybozu.com/ja-jp/article/9689

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

CVSS3

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

45.3%

JSON

Related for CVE-2016-7815