Office Security Vulnerabilities and Issues — Office CVE List

Lucene search

CybozuOffice

14 matches found

CVE•added 2017/04/28 4:59 p.m.•52 views

CVE-2017-2115

Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.

4.3CVSS4.8AI score0.00125EPSS

CVE•added 2017/04/28 4:59 p.m.•49 views

CVE-2017-2116

Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors.

4.3CVSS5AI score0.00195EPSS

CVE•added 2017/04/28 4:59 p.m.•46 views

CVE-2017-2114

Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

5.4CVSS5.4AI score0.00181EPSS

CVE•added 2017/04/17 3:59 p.m.•40 views

CVE-2016-4865

Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.

4.8CVSS5AI score0.00404EPSS

CVE•added 2017/04/17 3:59 p.m.•40 views

CVE-2016-4868

Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.

4.3CVSS4.8AI score0.00672EPSS

CVE•added 2017/04/17 3:59 p.m.•40 views

CVE-2016-4870

Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.

5.4CVSS5.1AI score0.00276EPSS

CVE•added 2017/10/12 2:29 p.m.•39 views

CVE-2017-10857

Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function.

4.3CVSS4.7AI score0.00139EPSS

CVE•added 2017/04/17 3:59 p.m.•38 views

CVE-2016-4874

Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.

3.5CVSS4.2AI score0.00231EPSS

CVE•added 2017/04/17 3:59 p.m.•36 views

CVE-2016-4867

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.

4.3CVSS4.2AI score0.00216EPSS

CVE•added 2017/04/17 3:59 p.m.•36 views

CVE-2016-4869

Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.

6.5CVSS6.2AI score0.01162EPSS

CVE•added 2017/04/17 3:59 p.m.•36 views

CVE-2016-4873

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.

4.3CVSS4.7AI score0.00279EPSS

CVE•added 2017/04/17 3:59 p.m.•34 views

CVE-2016-4872

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.

4.3CVSS4.2AI score0.00216EPSS

CVE•added 2017/04/17 3:59 p.m.•32 views

CVE-2016-4866

Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.

4.8CVSS5AI score0.00404EPSS

CVE•added 2017/04/17 3:59 p.m.•32 views

CVE-2016-4871

Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.

6.8CVSS6.4AI score0.01511EPSS