JVN#14658424: Cybozu Office fails to restrict access permissions

ID JVN:14658424
Type jvn
Reporter Japan Vulnerability Notes
Modified 2017-10-11T00:00:00


## Description

Cybozu Office provided by Cybozu, Inc. fails to restrict access permissions (CWE-284) due to an issue in "Cabinet" function.

## Impact

A user who can login to Cybozu Office may perform arbitrary operations to the folder where the user does not have acces with its privilege.

## Solution

Update the Software
Update to the latest version according to the information provided by the developer.

## Products Affected

  • Cybozu Office 10.0.0 to 10.6.1