Cybozu Remote Service Security Vulnerabilities and Issues — Cybozu Remote Service CVE List

Lucene search

CybozuCybozu Remote Service

20 matches found

CVE•added 2022/12/07 4:15 a.m.•50 views

CVE-2022-44608

Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition.

7.5CVSS7.2AI score0.00268EPSS

CVE•added 2021/10/13 9:15 a.m.•45 views

CVE-2021-20805

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

5.4CVSS5.4AI score0.00209EPSS

CVE•added 2019/01/09 11:29 p.m.•44 views

CVE-2018-16169

Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated attackers to upload and execute Java code file on the server via unspecified vectors.

8.8CVSS8.5AI score0.00851EPSS

CVE•added 2021/10/13 9:15 a.m.•44 views

CVE-2021-20797

Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox.

5.4CVSS5.8AI score0.00209EPSS

CVE•added 2019/01/09 11:29 p.m.•43 views

CVE-2018-16171

Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 allows remote attackers to execute Java code file on the server via unspecified vectors.

8.8CVSS8.8AI score0.01043EPSS

CVE•added 2021/10/13 9:15 a.m.•42 views

CVE-2021-20806

Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

6.1CVSS6.5AI score0.00274EPSS

CVE•added 2021/10/13 9:15 a.m.•41 views

CVE-2021-20796

Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to upload an arbitrary file via unspecified vectors.

6.5CVSS6.5AI score0.00434EPSS

CVE•added 2021/10/13 9:15 a.m.•41 views

CVE-2021-20798

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

5.4CVSS5.4AI score0.00209EPSS

CVE•added 2021/10/13 9:15 a.m.•41 views

CVE-2021-20807

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote attacker to inject an arbitrary script via unspecified vectors.

6.1CVSS6.3AI score0.00347EPSS

CVE•added 2021/10/13 9:15 a.m.•40 views

CVE-2021-20802

HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product.

5.3CVSS5.7AI score0.00351EPSS

CVE•added 2021/10/13 9:15 a.m.•38 views

CVE-2021-20803

Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to alter the data of the management screen.

5.4CVSS5.6AI score0.00152EPSS

CVE•added 2021/10/13 9:15 a.m.•37 views

CVE-2021-20801

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors. This issue occurs only when using Mozilla Firefox.

6.5CVSS6.3AI score0.00488EPSS

CVE•added 2019/01/09 11:29 p.m.•36 views

CVE-2018-16172

Improper countermeasure against clickjacking attack in client certificates management screen was discovered in Cybozu Remote Service 3.0.0 to 3.1.8, that allows remote attackers to trick a user to delete the registered client certificate.

6.5CVSS7AI score0.00095EPSS

CVE•added 2021/10/13 9:15 a.m.•36 views

CVE-2021-20800

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

5.4CVSS5.4AI score0.00209EPSS

CVE•added 2019/01/09 11:29 p.m.•35 views

CVE-2018-16170

Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 for Windows allows remote authenticated attackers to read arbitrary files via unspecified vectors.

8.1CVSS7.6AI score0.00603EPSS

CVE•added 2021/10/13 9:15 a.m.•35 views

CVE-2021-20795

Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to hijack the authentication of administrators and unintended operations may be performed via unspecified vectors.

8.8CVSS8.9AI score0.00094EPSS

CVE•added 2021/10/13 9:15 a.m.•35 views

CVE-2021-20799

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

5.4CVSS5.4AI score0.00209EPSS

CVE•added 2021/10/13 9:15 a.m.•35 views

CVE-2021-20804

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to cause a denial of service (DoS) condition via unspecified vectors.

6.5CVSS6.3AI score0.00485EPSS

CVE•added 2023/08/03 3:15 p.m.•34 views

CVE-2022-26838

Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition.

6.5CVSS6.2AI score0.00606EPSS

CVE•added 2023/11/01 12:15 a.m.•28 views

CVE-2023-46278

Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication.

6.5CVSS6.2AI score0.00448EPSS