Vulnerabilites related to Cybozu, Inc. - kintone
jvndb-2020-000035
Vulnerability from jvndb
Published
2020-05-29 15:40
Modified
2020-05-29 15:40
Severity ?
Summary
Multiples security updates for multiple Cybozu products
Details
Cybozu, Inc. has released multiple security updates for multiple Cybozu products.
* [CyVDB-2465] Credential Disclosure Vulnerability - CVE-2020-5572
* [CyVDB-2484] Credential Disclosure Vulnerability - CVE-2020-5573
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.
JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Cybozu, Inc. | kintone | |
| Cybozu, Inc. | Cybozu Mailwise |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000035.html",
"dc:date": "2020-05-29T15:40+09:00",
"dcterms:issued": "2020-05-29T15:40+09:00",
"dcterms:modified": "2020-05-29T15:40+09:00",
"description": "Cybozu, Inc. has released multiple security updates for multiple Cybozu products.\r\n* [CyVDB-2465] Credential Disclosure Vulnerability - CVE-2020-5572\r\n* [CyVDB-2484] Credential Disclosure Vulnerability - CVE-2020-5573\r\n\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000035.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:kintone",
"@product": "kintone",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:mailwise",
"@product": "Cybozu Mailwise",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "2.1",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.6",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000035",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN78745667/index.html",
"@id": "JVN#78745667",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5572",
"@id": "CVE-2020-5572",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5573",
"@id": "CVE-2020-5573",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5572",
"@id": "CVE-2020-5572",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5573",
"@id": "CVE-2020-5573",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Multiples security updates for multiple Cybozu products"
}
jvndb-2016-000231
Vulnerability from jvndb
Published
2016-11-28 13:47
Modified
2018-01-17 12:34
Severity ?
Summary
kintone mobile for Android fails to verify SSL server certificates
Details
kintone mobile for Android provided by Cybozu, Inc. fails to verify SSL server certificates in WebView.
Note that this vulnerability is different from JVN#91816422.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Cybozu, Inc. | kintone |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000231.html",
"dc:date": "2018-01-17T12:34+09:00",
"dcterms:issued": "2016-11-28T13:47+09:00",
"dcterms:modified": "2018-01-17T12:34+09:00",
"description": "kintone mobile for Android provided by Cybozu, Inc. fails to verify SSL server certificates in WebView.\r\nNote that this vulnerability is different from JVN#91816422.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000231.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:kintone",
"@product": "kintone",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000231",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN20252219/index.html",
"@id": "JVN#20252219",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7816",
"@id": "CVE-2016-7816",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7816",
"@id": "CVE-2016-7816",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "kintone mobile for Android fails to verify SSL server certificates"
}
jvndb-2016-000056
Vulnerability from jvndb
Published
2016-04-25 15:36
Modified
2017-05-23 14:28
Severity ?
Summary
kintone mobile for Android fails to verify SSL server certificates
Details
kintone mobile for Android provided by Cybozu, Inc. fails to verify SSL server certificates.
Kusano Kazuhiko reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Cybozu, Inc. | kintone |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000056.html",
"dc:date": "2017-05-23T14:28+09:00",
"dcterms:issued": "2016-04-25T15:36+09:00",
"dcterms:modified": "2017-05-23T14:28+09:00",
"description": "kintone mobile for Android provided by Cybozu, Inc. fails to verify SSL server certificates.\r\n\r\nKusano Kazuhiko reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000056.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:kintone",
"@product": "kintone",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000056",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN91816422/index.html",
"@id": "JVN#91816422",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1186",
"@id": "CVE-2016-1186",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1186",
"@id": "CVE-2016-1186",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "kintone mobile for Android fails to verify SSL server certificates"
}
jvndb-2016-000055
Vulnerability from jvndb
Published
2016-04-25 15:35
Modified
2016-06-01 16:21
Severity ?
Summary
kintone mobile for Android information management vulnerability
Details
kintone mobile for Android provided by Cybozu, Inc. contains an authentication information management vulnerability.
Kusano Kazuhiko and Gopinath reported this vulnerability to the developer.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Cybozu, Inc. | kintone |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000055.html",
"dc:date": "2016-06-01T16:21+09:00",
"dcterms:issued": "2016-04-25T15:35+09:00",
"dcterms:modified": "2016-06-01T16:21+09:00",
"description": "kintone mobile for Android provided by Cybozu, Inc. contains an authentication information management vulnerability.\r\n\r\nKusano Kazuhiko and Gopinath reported this vulnerability to the developer.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000055.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:kintone",
"@product": "kintone",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "2.5",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000055",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN89026267/index.html",
"@id": "JVN#89026267",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1185",
"@id": "CVE-2016-1185",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1185",
"@id": "CVE-2016-1185",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "kintone mobile for Android information management vulnerability"
}