Lucene search

[email protected]CVE-2006-4490

HistoryAug 31, 2006 - 10:04 p.m.

CVE-2006-4490

2006-08-3122:04:00

[email protected]

web.nvd.nist.gov

cve-2006-4490

directory traversal

cybozu office

share 360

remote authenticated users

information security

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.908 High

EPSS

Percentile

98.9%

JSON

Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a … (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe.

Affected configurations

NVD

Node

cybozucybozu_officeRange≤6.6_build_1.2

cybozushare_360Range≤2.5_build_0.2

CPENameOperatorVersion
cybozu:cybozu_officecybozu cybozu officele6.6_build_1.2
cybozu:share_360cybozu share 360le2.5_build_0.2

CPE	Name	Operator	Version
cybozu:cybozu_office	cybozu cybozu office	le	6.6_build_1.2
cybozu:share_360	cybozu share 360	le	2.5_build_0.2

References

cybozu.co.jp/products/dl/notice_060825/

jvn.jp/jp/JVN%2390420168/index.html

secunia.com/advisories/21618

secunia.com/advisories/21623

securitytracker.com/id?1016759

vuln.sg/cybozu-en.html

www.osvdb.org/28261

www.osvdb.org/28262

exchange.xforce.ibmcloud.com/vulnerabilities/28591

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.908 High

EPSS

Percentile

98.9%

JSON

Related for CVE-2006-4490

nvd1 cvelist1