Lucene search

Japan Vulnerability NotesJVN:48720230

HistoryFeb 15, 2016 - 12:00 a.m.

JVN#48720230: Cybozu Office access restriction bypass vulnerability

2016-02-1500:00:00

Japan Vulnerability Notes

jvn.jp

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

EPSS

0.002

Percentile

52.9%

JSON

Cybozu Office contains an access restriction bypass vulnerability in multiple functions.

Impact

A remote unauthenticated attacker may view the information about the groupware.
An authenticated attacker may obtain privileged information or may cause specific functions to become unusable.

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Products Affected

Cybozu Office 9.9.0 to 10.3.0

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

EPSS

0.002

Percentile

52.9%

JSON

Related for JVN:48720230