## Description
Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
**[CyVDB-1657] Operational restrictions bypass vulnerability in Scheduler ([CWE-264](<https://cwe.mitre.org/data/definitions/264.html>))** \- CVE-2021-20624

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N| **Base Score: 4.3**
CVSS v2| AV:N/AC:L/Au:S/C:N/I:P/A:N| **Base Score: 4.0**

**[CyVDB-1727] Operational restrictions bypass vulnerability in Bulletin Board ([CWE-264](<https://cwe.mitre.org/data/definitions/264.html>))** \- CVE-2021-20625

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N| **Base Score: 4.3**
CVSS v2| AV:N/AC:L/Au:S/C:N/I:P/A:N| **Base Score: 4.0**

**[CyVDB-1895][CyVDB-2658] Operational restrictions bypass vulnerability in Workflow ([CWE-264](<https://cwe.mitre.org/data/definitions/264.html>))** \- CVE-2021-20626

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N| **Base Score: 4.3**
CVSS v2| AV:N/AC:L/Au:S/C:N/I:P/A:N| **Base Score: 4.0**

**[CyVDB-1899] Cross-site scripting vulnerability in Address Book ([CWE-79](<https://cwe.mitre.org/data/definitions/79.html>))** \- CVE-2021-20627

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N| **Base Score: 4.7**
CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| **Base Score: 2.6**

**[CyVDB-1924] Cross-site scripting vulnerability in Address Book ([CWE-79](<https://cwe.mitre.org/data/definitions/79.html>))** \- CVE-2021-20628

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N| **Base Score: 4.7**
CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| **Base Score: 2.6**

**[CyVDB-2014] Cross-site scripting vulnerability in E-mail ([CWE-79](<https://cwe.mitre.org/data/definitions/79.html>))** \- CVE-2021-20629

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N| **Base Score: 4.7**
CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| **Base Score: 2.6**

**[CyVDB-2018] Viewing restrictions bypass vulnerability in Phone Messages ([CWE-264](<https://cwe.mitre.org/data/definitions/264.html>))** \- CVE-2021-20630

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N| **Base Score: 4.3**
CVSS v2| AV:N/AC:L/Au:S/C:P/I:N/A:N| **Base Score: 4.0**

**[CyVDB-2063] Improper input validation vulnerability in Custom App ([CWE-20](<https://cwe.mitre.org/data/definitions/20.html>))** \- CVE-2021-20631

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L| **Base Score: 4.3**
CVSS v2| AV:N/AC:L/Au:S/C:N/I:N/A:P| **Base Score: 4.0**

**[CyVDB-2263] Viewing restrictions bypass vulnerability in Bulletin Board ([CWE-264](<https://cwe.mitre.org/data/definitions/264.html>))** \- CVE-2021-20632

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N| **Base Score: 4.3**
CVSS v2| AV:N/AC:L/Au:S/C:P/I:N/A:N| **Base Score: 4.0**

**[CyVDB-2310] Viewing restrictions bypass vulnerability in Cabinet ([CWE-264](<https://cwe.mitre.org/data/definitions/264.html>))** \- CVE-2021-20633

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N| **Base Score: 4.3**
CVSS v2| AV:N/AC:L/Au:S/C:P/I:N/A:N| **Base Score: 4.0**

**[CyVDB-2764] Viewing restrictions bypass vulnerability in Custom App ([CWE-264](<https://cwe.mitre.org/data/definitions/264.html>))** \- CVE-2021-20634

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N| **Base Score: 4.3**
CVSS v2| AV:N/AC:L/Au:S/C:P/I:N/A:N| **Base Score: 4.0**

**[CyVDB-1900] Cross-site scripting vulnerability in Address Book ([CWE-79](<https://cwe.mitre.org/data/definitions/79.html>))** \- CVE-2021-20849

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N| **Base Score: 4.7**
CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| **Base Score: 2.6**

## Impact
* [CyVDB-1657]:
A user who can log in to the product may alter the data of Scheduler without appropriate privileges.
* [CyVDB-1727]:
A user who can log in to the product may alter the data of Bulletin Board without appropriate privileges.
* [CyVDB-1895] and [CyVDB-2658]:
A user who can log in to the product may alter the data of Workflow without appropriate privileges.
* [CyVDB-1899], [CyVDB-1924], [CyVDB-2014] and [CyVDB-1900]:
An arbitrary script may be executed on a logged-in user's web browser. Note that the [CyVDB-1924] issue occurs only when using Mozilla Firefox.
* [CyVDB-2018]:
A user who can log in to the product may obtain the data of Phone Messages without the viewing privileges.
* [CyVDB-2063]:
A user who can log in to the product may alter the data of Custom App.
* [CyVDB-2263]:
A user who can log in to the product may obtain the data of Bulletin Board without the viewing privileges.
* [CyVDB-2310]:
A user who can log in to the product may obtain the data of Cabinet without the viewing privileges.
* [CyVDB-2764]:
A user who can log in to the product may obtain the data of Custom App without the viewing privileges.
## Solution
**Update the Software**
Update to the latest version according to the information provided by the developer.
## Products Affected
* Cybozu Office 10.0.0 to 10.8.4