Summary
This host is installed with Cybozu Office and is prone to authentication bypass vulnerability.
Impact
Successful exploitation will allow remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the 'user&qts' cell phone.
Impact Level: Application.
Solution
Upgrade to Cybozu Office 8 (8.1.0.1).
For updates refer to http://products.cybozu.co.jp/office
Insight
The flaw exists due to insufficient checks being performed when accessing the 'login' interface.
Affected
Cybozu Office before 8 (8.1.0.1).
References
Severity
Classification
-
CVE CVE-2010-2029 -
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N
Related Vulnerabilities