Cybozu Office is prone to the following security vulnerabilities.
1. A cross-site scripting vulnerability
2. A security-bypass vulnerability
3. An information-disclosure vulnerability
An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, access or modify data, bypass security restrictions and perform unauthorized actions in the context of the affected application.
Cybozu Office 10.0.0 through 10.5.0 are vulnerable.
Information
CVE: CVE-2017-2115, CVE-2017-2116
Vulnerable: Cybozu Office 10.0.1, Cybozu Office 10.0.2, Cybozu Office 10.2, Cybozu Office 10.3, Cybozu Office 10.4.0
References:
- Cybozu Homepage (Cybozu)
- JVN#17535578 Multiple vulnerabilities in Cybozu Office (JPCERT)