CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0528
https://notcve.org/view.php?id=CVE-2018-0528
Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors. Cybozu Garoon, de la versión 10.0.0 a la 10.7.0, permite que los atacantes autenticados omitan la autenticación para ver los horarios a los que no se les permite acceder mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN51737843/index.html https://support.cybozu.com/ja-jp/article/9812 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2017-10857
https://notcve.org/view.php?id=CVE-2017-10857
Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function. Cybozu Office desde la versión 10.0.0 hasta 10.6.1 permite que atacantes no autenticados omitan restricciones de acceso para realizar acciones arbitrarias mediante la función Cabinet. • http://jvn.jp/en/jp/JVN14658424/index.html https://support.cybozu.com/ja-jp/article/9811 • CWE-269: Improper Privilege Management •