10 matches found
JVN#74825766: Cybozu Garoon vulnerable to cross-site scripting
Cybozu Garoon provided by Cybozu, Inc. contains a cross-site scripting vulnerability in PDF preview CWE-79. Impact An arbitrary script may be executed on a logged-in user's web browser. Solution Update the Software Update the software to the latest version according to the information provided by...
JVN#94132951: Cybozu Remote Service vulnerable to uncontrolled resource consumption
Cybozu Remote Service provided by Cybozu, Inc. is vulnerable to uncontrolled resource consumption CWE-400. Impact Certain operations performed by a logged-in user may lead to huge storage space consumption or significantly delayed communication. Solution Update the Software Update the software to...
JVN#79854355: Multiple vulnerabilities in Cybozu Office
Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Directory traversal in the "Customapp" function CWE-22 - CVE-2019-6022 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N| Base Score: 7.7 CVSS v2|...
JVN#20252219: kintone mobile for Android fails to verify SSL server certificates
kintone mobile for Android provided by Cybozu, Inc. fails to verify SSL server certificates in WebView. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provid...
JVN#75990997: Cybozu Garoon vulnerable to access restriction bypass
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Portlets", which may result in an access restriction bypass vulnerability CWE-264. Impact Portlets may be altered by another Cybozu Garoon user. Solution Update the Software Update to the lates...
JVN#00058727: Cybozu Remote Service Manager vulnerable to session fixation
Remote Service Manager provided by Cybozu,Inc. is a software to access on-premise systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager contains a session fixation vulnerability. Impact A remote, unauthenticated attacker may impersonate a registered user. As a result...
JVN#10319260: Cybozu Remote Service Manager vulnerable to denial-of-service (DoS)
Remote Service Manager provided by Cybozu,Inc. is a software to access on-premise systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager contains a denial-of-service DoS vulnerability. Impact An attacker may cause a denial-of-service on a server that is installed Remo...
JVN#71045461: Cybozu Garoon vulnerable to SQL injection
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the process of downloading files, which may result in SQL injection. Impact A user who can log in to the system may obtain or alter information on the system. Solution For Cybozu Garoon 3.7: Apply the Patch...
JVN#21336955: Cybozu Dezie vulnerable to cross-site scripting
Cybozu Dezie provided by Cybozu, Inc. contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update the Software Update to the latest version according to the information provided by the developer. Product...
JVN#84221103: Cybozu Garoon vulnerable to mail header injection
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a mail header injection vulnerability in the Phone Messages function. Impact If the function that forwards Phone Messages to an email address is configured, the header of the email to be forwarded may be altered. Solutio...