CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0566
https://notcve.org/view.php?id=CVE-2018-0566
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors. Cybozu Office, de la versión 10.0.0 a la 10.8.0, permite que los atacantes autenticados omitan la autenticación para obtener los horarios sin el privilegio de acceso mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN51737843/index.html https://support.cybozu.com/ja-jp/article/10195 • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2017-10857
https://notcve.org/view.php?id=CVE-2017-10857
Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function. Cybozu Office desde la versión 10.0.0 hasta 10.6.1 permite que atacantes no autenticados omitan restricciones de acceso para realizar acciones arbitrarias mediante la función Cabinet. • http://jvn.jp/en/jp/JVN14658424/index.html https://support.cybozu.com/ja-jp/article/9811 • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2017-2115
https://notcve.org/view.php?id=CVE-2017-2115
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors. Cybozu Office desde 10.0.0 a 10.5.0 permite a un atacante remoto autenticado sortear las restricciones de acceso para obtener información "customapp" a través de vectores no especificados. • http://jvn.jp/en/jp/JVN17535578/index.html http://www.securityfocus.com/bid/97717 https://support.cybozu.com/ja-jp/article/9737 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2017-2116
https://notcve.org/view.php?id=CVE-2017-2116
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors. Cybozu Office 10.0.0 hasta 10.5.0 permite a un atacante remoto autenticado sortear la restricción de acceso para borrar plantillas "customapp" a través de vectores no especificados. • http://jvn.jp/en/jp/JVN17535578/index.html http://www.securityfocus.com/bid/97717 https://support.cybozu.com/ja-jp/article/9736 •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2017-2114
https://notcve.org/view.php?id=CVE-2017-2114
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting en Cybozu Office 10.0.0 hasta 10.5.0 permite a un atacante remoto autenticado inyectar script web o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN17535578/index.html http://www.securityfocus.com/bid/97717 https://support.cybozu.com/ja-jp/article/9738 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •