ID CVE-2018-0528 Type cve Reporter cve@mitre.org Modified 2018-08-09T13:25:00
Description
Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.
{"openvas": [{"lastseen": "2019-05-29T18:33:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0528", "CVE-2018-0527", "CVE-2018-0526", "CVE-2018-0529"], "description": "This host is installed with Cybozu Office\n and is prone to multiple vulnerabilities.", "modified": "2019-05-03T00:00:00", "published": "2018-06-27T00:00:00", "id": "OPENVAS:1361412562310813617", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813617", "type": "openvas", "title": "Cybozu Office Multiple Vulnerabilities-01 June18", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Cybozu Office Multiple Vulnerabilities-01 June18\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cybozu:office\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813617\");\n script_version(\"2019-05-03T08:55:39+0000\");\n script_cve_id(\"CVE-2018-0526\", \"CVE-2018-0527\", \"CVE-2018-0528\", \"CVE-2018-0529\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 08:55:39 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-27 11:07:13 +0530 (Wed, 27 Jun 2018)\");\n script_name(\"Cybozu Office Multiple Vulnerabilities-01 June18\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Cybozu Office\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An error in the application 'Message' when viewing an external image.\n\n - An input validation error in 'E-mail Details Screen' of the application 'E-mail'.\n\n - A browse restriction bypass error in the application 'Scheduler'.\n\n - An error in the application 'Message' due to a flaw in processing of an\n attached file.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to disclose sensitive information, execute arbitrary script, bypass security\n restrictions and cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Cybozu Office versions 10.0.0 to 10.7.0.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Cybozu Office version 10.8.0 or\n later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://jvn.jp/en/jp/JVN51737843/index.html\");\n script_xref(name:\"URL\", value:\"https://office-users.cybozu.co.jp\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_dependencies(\"secpod_cybozu_products_detect.nasl\");\n script_mandatory_keys(\"CybozuOffice/Installed\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!port = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE)) exit(0);\ncybVer = infos['version'];\npath = infos['location'];\n\nif(cybVer =~ \"^10\\.\")\n{\n if(version_is_less_equal(version:cybVer, test_version:\"10.7.0\"))\n {\n report = report_fixed_ver(installed_version:cybVer, fixed_version:\"10.8.0\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "jvn": [{"lastseen": "2019-05-29T19:49:31", "bulletinFamily": "info", "cvelist": ["CVE-2018-0528", "CVE-2018-0527", "CVE-2018-0526", "CVE-2018-0565", "CVE-2018-0529", "CVE-2018-0566", "CVE-2018-0567"], "description": "\n ## Description\n\nCybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. \n\n * **Information disclosure in the application \"Message\" when viewing an external image ([CWE-200](<https://cwe.mitre.org/data/definitions/200.html>))** \\- CVE-2018-0526 CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | **Base Score: 4.3** \n---|---|--- \nCVSS v2 | AV:N/AC:M/Au:N/C:P/I:N/A:N | **Base Score: 4.3** \n * **Stored cross-site scripting in \"E-mail Details Screen\" of the application \"E-mail\" ([CWE-79](<https://cwe.mitre.org/data/definitions/79.html>))** \\- CVE-2018-0527 CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | **Base Score: 6.1** \n---|---|--- \nCVSS v2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | **Base Score: 4.3** \n * **Browse restriction bypass in the application \"Scheduler\" ([CWE-264](<https://cwe.mitre.org/data/definitions/264.html>))** \\- CVE-2018-0528 CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | **Base Score: 4.3** \n---|---|--- \nCVSS v2 | AV:N/AC:M/Au:S/C:P/I:N/A:N | **Base Score: 3.5** \n * **Denial-of-service (DoS) in the application \"Message\" due to a flaw in processing of an attached file ([CWE-20](<https://cwe.mitre.org/data/definitions/20.html>))** \\- CVE-2018-0529 CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | **Base Score: 4.3** \n---|---|--- \nCVSS v2 | AV:N/AC:L/Au:N/C:N/I:N/A:P | **Base Score: 5.0** \n * **Reflected cross-site scripting in the application \"MultiReport\" ([CWE-79](<https://cwe.mitre.org/data/definitions/79.html>))** \\- CVE-2018-0565 CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | **Base Score: 6.1** \n---|---|--- \nCVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | **Base Score: 2.6** \n * **Browse restriction bypass in the application \"Scheduler\" ([CWE-264](<https://cwe.mitre.org/data/definitions/264.html>))** \\- CVE-2018-0566 CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | **Base Score: 4.3** \n---|---|--- \nCVSS v2 | AV:N/AC:M/Au:S/C:P/I:N/A:N | **Base Score: 3.5** \n * **Operation restriction bypass in the application \"Bulletin\" ([CWE-264](<https://cwe.mitre.org/data/definitions/264.html>))** \\- CVE-2018-0567 CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | **Base Score: 4.3** \n---|---|--- \nCVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | **Base Score: 3.5**\n\n ## Impact\n\n * If a user browses a message, an attached image located in an external server may be displayed without the user's permission - CVE-2018-0526\n * An arbitrary script may be executed on the logged in user's web browser - CVE-2018-0527, CVE-2018-0565\n * A user who can login to the product may view the schedules that are not permitted to access - CVE-2018-0528\n * Attaching a specially crafted image file in \"Compose E-mail screen\" by a user may result in Denial-of-service (DoS) condition - CVE-2018-0529\n * The schedule may be obtained by a user who does not have privileges to access - CVE-2018-0566\n * A user without privileges may access and write data prior to being public - CVE-2018-0567\n\n ## Solution\n\n**Update the Software** \nUpdate to the latest version according to the information provided by the developer.\n\n ## Products Affected\n\n * Cybozu Office 10.0.0 to 10.7.0 (CVE-2018-0526, CVE-2018-0527, CVE-2018-0528, CVE-2018-0529)\n * Cybozu Office 10.0.0 to 10.8.0 (CVE-2018-0565, CVE-2018-0566, CVE-2018-0567)\n", "edition": 5, "modified": "2018-05-22T00:00:00", "published": "2018-05-22T00:00:00", "id": "JVN:51737843", "href": "http://jvn.jp/en/jp/JVN51737843/index.html", "title": "JVN#51737843: Multiple vulnerabilities in Cybozu Office", "type": "jvn", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}
