JVN#90420168: Cybozu products vulnerable to directory traversal

2006-08-28T00:00:00
ID JVN:90420168
Type jvn
Reporter Japan Vulnerability Notes
Modified 2013-04-17T00:00:00

Description

## Description

## Impact

A remote authenticated attacker could read an arbitrary file on the server. The files that can be viewed by an attacker depend on the environment where the Cybozu products are installed.

## Solution

## Products Affected

  • Cybozu Office 6 5 (1.2) and earlier
  • Cybozu Garoon 1.5 (4.0) and earlier
  • Centralized Management System 1.5(4.0) and earlier
  • Workgroup System 1.5(4.0) and earlier
  • Billboard Server 1.0(0.6) and earlier
  • File Management Server 1.0(0.6) and earlier
  • Facility Reservation Server 1.0(0.6) and earlier
  • Workflow 1.0 (1.0) and earlier
  • Cybozu Mailwise 3.0 (0.2) and earlier
  • Cybozu Collaborex1.5 (0.5) and earlier
  • Cybozu AG 1.2 (1.4) and earlier
  • Cybozu AG Pocket 5.2 (0.7) and earlier
  • Share360 2.5(0.2) and earlier For more information, refer to the vendor's website.