Japan Vulnerability NotesJVN:87730223JVN#87730223 Multiple Cybozu products vulnerable to authentication bypass
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS
Percentile
76.8%
Multiple Cybozu products contain an issue in which the login page for mobile devices is not properly restrcited, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of a Cybozu product.
Impact
A remote attacker may view or modify information stored by the product.
Solution
Apply IP address restriction
Using one of the following methods, restrict access only to mobile device IP addresses:
- Apply the restriction settings on the server in which the product is installed
- Use “Cybozu Remote Service” available from the developer
Update the Software
Update to the latest version according to the information provided by the developer.
Products Affected
- Cybozu ® Office 7 Ktai
- Cybozu ® .(dot) sales
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS
Percentile
76.8%