Lucene search

[email protected]CVE-2011-2677

HistoryOct 21, 2011 - 6:55 p.m.

CVE-2011-2677

2011-10-2118:55:00

CWE-264

[email protected]

web.nvd.nist.gov

cybozu office

cve-2011-2677

access restriction

url manipulation

information security

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.9%

JSON

Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to manipulation of a URL.

Affected configurations

NVD

Node

cybozuofficeRange≤7

cybozuofficeMatch6

CPENameOperatorVersion
cybozu:officecybozu officele7
cybozu:officecybozu officeeq6

CPE	Name	Operator	Version
cybozu:office	cybozu office	le	7
cybozu:office	cybozu office	eq	6

References

cs.cybozu.co.jp/information/20111005notice01.php

jvn.jp/en/jp/JVN84838479/index.html

jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000079.html

osvdb.org/76124

secunia.com/advisories/46321

www.securityfocus.com/bid/50015

exchange.xforce.ibmcloud.com/vulnerabilities/70411

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.9%

JSON

Related for CVE-2011-2677

prion1 cvelist1 jvn1 nvd1