jvndb - jvndb-2021-000088

jvndb-2021-000088

Vulnerability from jvndb

Published

2021-09-30 16:03

Modified

2024-04-08 18:09

Severity ?

5.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

Multiple vulnerabilities in Cybozu Remote Service

Details

Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. * [CyVDB-525] Cross-site request forgery vulnerability in the management screen (CWE-352) - CVE-2021-20795 * [CyVDB-1742] Path traversal vulnerability in the management screen (CWE-22) - CVE-2021-20796 * [CyVDB-1806] Cross-site script inclusion vulnerability in the management screen (CWE-829) - CVE-2021-20797 * [CyVDB-1808] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20798 * [CyVDB-1809] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20799 * [CyVDB-1810] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20800 * [CyVDB-1811] XML external entity injection (XXE) vulnerability (CWE-611) - CVE-2021-20801 * [CyVDB-1814] HTTP header injection vulnerability (CWE-113) - CVE-2021-20802 * [CyVDB-1820] Operation restriction bypass in the management screen (CWE-264) - CVE-2021-20803 * [CyVDB-1830] Denial-of-service (DoS) vulnerability (CWE-400) - CVE-2021-20804 * [CyVDB-1862] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20805 * [CyVDB-1968] Open redirect vulnerability (CWE-601) - CVE-2021-20806 * [CyVDB-2028] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20807 * [CyVDB-877] Path traversal vulnerability in Importing Mobile Device Data (CWE-22) - CVE-2022-26838 CVE-2021-20795 Masaaki Chida reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solution through JVN. CVE-2021-20796, CVE-2021-20807 Toshitsugu Yoneyama(Mitsui Bussan Secure Directions, Inc.) reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN. CVE-2021-20805 Yuji Tounai reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solution through JVN. CVE-2021-20806 Kanta Nishitani of Ierae Security Inc. reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solution through JVN. CVE-2021-20797, CVE-2021-20798, CVE-2021-20799, CVE-2021-20800, CVE-2021-20801, CVE-2021-20802, CVE-2021-20803, CVE-2021-20804, CVE-2022-26838 Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN52694228/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20795
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20796
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20797
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20798
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20799
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20800
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20801
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20802
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20803
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20804
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20805
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20806
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20807
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26838
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20795
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20796
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20797
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20798
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20799
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20800
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20801
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20802
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20803
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20804
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20805
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20806
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20807
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-26838
	Path Traversal(CWE-22)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-Site Request Forgery(CWE-352)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Uncontrolled Resource Consumption ('Resource Exhaustion')(CWE-400)	https://cwe.mitre.org/data/definitions/400.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

Cybozu, Inc.

Remote Service

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000088.html",
  "dc:date": "2024-04-08T18:09+09:00",
  "dcterms:issued": "2021-09-30T16:03+09:00",
  "dcterms:modified": "2024-04-08T18:09+09:00",
  "description": "Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. \r\n\r\n* [CyVDB-525] Cross-site request forgery vulnerability in the management screen (CWE-352) - CVE-2021-20795\r\n* [CyVDB-1742] Path traversal vulnerability in the management screen (CWE-22) - CVE-2021-20796\r\n* [CyVDB-1806] Cross-site script inclusion vulnerability in the management screen (CWE-829) - CVE-2021-20797\r\n* [CyVDB-1808] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20798\r\n* [CyVDB-1809] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20799\r\n* [CyVDB-1810] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20800\r\n* [CyVDB-1811] XML external entity injection (XXE) vulnerability (CWE-611) - CVE-2021-20801\r\n* [CyVDB-1814] HTTP header injection vulnerability (CWE-113) - CVE-2021-20802\r\n* [CyVDB-1820] Operation restriction bypass in the management screen (CWE-264) - CVE-2021-20803\r\n* [CyVDB-1830] Denial-of-service (DoS) vulnerability (CWE-400) - CVE-2021-20804\r\n* [CyVDB-1862] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20805\r\n* [CyVDB-1968] Open redirect vulnerability (CWE-601) - CVE-2021-20806\r\n* [CyVDB-2028] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20807\r\n* [CyVDB-877] Path traversal vulnerability in Importing Mobile Device Data (CWE-22) - CVE-2022-26838\r\n\r\nCVE-2021-20795\r\n Masaaki Chida reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solution through JVN.\r\n\r\n CVE-2021-20796, CVE-2021-20807\r\n Toshitsugu Yoneyama(Mitsui Bussan Secure Directions, Inc.) reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\n CVE-2021-20805\r\n Yuji Tounai reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solution through JVN.\r\n\r\n CVE-2021-20806\r\n Kanta Nishitani of Ierae Security Inc. reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solution through JVN.\r\n\r\n CVE-2021-20797, CVE-2021-20798, CVE-2021-20799, CVE-2021-20800, CVE-2021-20801, CVE-2021-20802, CVE-2021-20803, CVE-2021-20804, CVE-2022-26838\r\n Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000088.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:cybozu_remote_service",
    "@product": "Remote Service",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
      "@version": "2.0"
    },
    {
      "@score": "5.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-000088",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN52694228/index.html",
      "@id": "JVN#52694228",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20795",
      "@id": "CVE-2021-20795",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20796",
      "@id": "CVE-2021-20796",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20797",
      "@id": "CVE-2021-20797",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20798",
      "@id": "CVE-2021-20798",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20799",
      "@id": "CVE-2021-20799",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20800",
      "@id": "CVE-2021-20800",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20801",
      "@id": "CVE-2021-20801",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20802",
      "@id": "CVE-2021-20802",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20803",
      "@id": "CVE-2021-20803",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20804",
      "@id": "CVE-2021-20804",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20805",
      "@id": "CVE-2021-20805",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20806",
      "@id": "CVE-2021-20806",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20807",
      "@id": "CVE-2021-20807",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26838",
      "@id": "CVE-2022-26838",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20795",
      "@id": "CVE-2021-20795",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20796",
      "@id": "CVE-2021-20796",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20797",
      "@id": "CVE-2021-20797",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20798",
      "@id": "CVE-2021-20798",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20799",
      "@id": "CVE-2021-20799",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20800",
      "@id": "CVE-2021-20800",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20801",
      "@id": "CVE-2021-20801",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20802",
      "@id": "CVE-2021-20802",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20803",
      "@id": "CVE-2021-20803",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20804",
      "@id": "CVE-2021-20804",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20805",
      "@id": "CVE-2021-20805",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20806",
      "@id": "CVE-2021-20806",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20807",
      "@id": "CVE-2021-20807",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-26838",
      "@id": "CVE-2022-26838",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-352",
      "@title": "Cross-Site Request Forgery(CWE-352)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/400.html",
      "@id": "CWE-400",
      "@title": "Uncontrolled Resource Consumption (\u0027Resource Exhaustion\u0027)(CWE-400)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in Cybozu Remote Service"
}

CVE-2022-26838 (GCVE-0-2022-26838)

Vulnerability from cvelistv5

Published

2023-08-03 13:16

Modified

2024-10-17 14:14

Severity ?

CWE

Path traversal

Summary

Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition.

References

URL

Tags

	https://jvn.jp/en/jp/JVN52694228/
	https://kb.cybozu.support/article/37653/

Impacted products

	Vendor	Product	Version
	Cybozu, Inc.	Cybozu Remote Service	Version: 3.1.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:11:44.596Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN52694228/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/37653/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-26838",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-17T14:13:52.450913Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-17T14:14:01.224Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Remote Service",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.1.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Path traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-03T13:16:16.712Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://jvn.jp/en/jp/JVN52694228/"
        },
        {
          "url": "https://kb.cybozu.support/article/37653/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-26838",
    "datePublished": "2023-08-03T13:16:16.712Z",
    "dateReserved": "2022-04-04T08:48:57.871Z",
    "dateUpdated": "2024-10-17T14:14:01.224Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20795 (GCVE-0-2021-20795)

Vulnerability from cvelistv5

Published

2021-10-13 08:30

Modified

2024-08-03 17:53

Severity ?

CWE

Cross-site request forgery

Summary

Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to hijack the authentication of administrators and unintended operations may be performed via unspecified vectors.

References

URL

Tags

	https://kb.cybozu.support/article/37422	x_refsource_MISC
	https://jvn.jp/en/jp/JVN52694228/index.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Cybozu, Inc.	Cybozu Remote Service	Version: 3.1.8 to 3.1.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:23.059Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/37422"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Remote Service",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.1.8 to 3.1.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to hijack the authentication of administrators and unintended operations may be performed via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site request forgery",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-13T08:30:47",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/37422"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20795",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Remote Service",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.1.8 to 3.1.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to hijack the authentication of administrators and unintended operations may be performed via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.cybozu.support/article/37422",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/37422"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN52694228/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20795",
    "datePublished": "2021-10-13T08:30:47",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:23.059Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20806 (GCVE-0-2021-20806)

Vulnerability from cvelistv5

Published

2021-10-13 08:31

Modified

2024-08-03 17:53

Severity ?

CWE

Open Redirect

Summary

Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

References

URL

Tags

	https://jvn.jp/en/jp/JVN52694228/index.html	x_refsource_MISC
	https://kb.cybozu.support/article/37419	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Cybozu, Inc.	Cybozu Remote Service	Version: 3.0.0 to 3.1.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:22.509Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/37419"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Remote Service",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.0 to 3.1.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Open Redirect",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-13T08:31:04",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/37419"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20806",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Remote Service",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.0.0 to 3.1.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Open Redirect"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN52694228/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/37419",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/37419"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20806",
    "datePublished": "2021-10-13T08:31:04",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:22.509Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20801 (GCVE-0-2021-20801)

Vulnerability from cvelistv5

Published

2021-10-13 08:30

Modified

2024-08-03 17:53

Severity ?

CWE

XML external entities (XXE)

Summary

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors. This issue occurs only when using Mozilla Firefox.

References

URL

Tags

	https://jvn.jp/en/jp/JVN52694228/index.html	x_refsource_MISC
	https://kb.cybozu.support/article/37423	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Cybozu, Inc.	Cybozu Remote Service	Version: 3.1.8 to 3.1.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:22.673Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/37423"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Remote Service",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.1.8 to 3.1.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors. This issue occurs only when using Mozilla Firefox."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "XML external entities (XXE)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-13T08:30:56",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/37423"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20801",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Remote Service",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.1.8 to 3.1.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors. This issue occurs only when using Mozilla Firefox."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "XML external entities (XXE)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN52694228/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/37423",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/37423"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20801",
    "datePublished": "2021-10-13T08:30:57",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:22.673Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20802 (GCVE-0-2021-20802)

Vulnerability from cvelistv5

Published

2021-10-13 08:30

Modified

2024-08-03 17:53

Severity ?

CWE

HTTP header injection

Summary

HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product.

References

URL

Tags

	https://jvn.jp/en/jp/JVN52694228/index.html	x_refsource_MISC
	https://kb.cybozu.support/article/37428	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Cybozu, Inc.	Cybozu Remote Service	Version: 3.1.8 to 3.1.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:22.625Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/37428"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Remote Service",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.1.8 to 3.1.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "HTTP header injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-13T08:30:58",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/37428"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20802",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Remote Service",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.1.8 to 3.1.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "HTTP header injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN52694228/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/37428",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/37428"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20802",
    "datePublished": "2021-10-13T08:30:58",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:22.625Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20804 (GCVE-0-2021-20804)

Vulnerability from cvelistv5

Published

2021-10-13 08:31

Modified

2024-08-03 17:53

Severity ?

CWE

Denial-of-service (DoS)

Summary

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to cause a denial of service (DoS) condition via unspecified vectors.

References

URL

Tags

	https://jvn.jp/en/jp/JVN52694228/index.html	x_refsource_MISC
	https://kb.cybozu.support/article/37426	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Cybozu, Inc.	Cybozu Remote Service	Version: 3.1.8 to 3.1.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:22.817Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/37426"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Remote Service",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.1.8 to 3.1.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to cause a denial of service (DoS) condition via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial-of-service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-13T08:31:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/37426"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20804",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Remote Service",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.1.8 to 3.1.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to cause a denial of service (DoS) condition via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial-of-service (DoS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN52694228/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/37426",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/37426"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20804",
    "datePublished": "2021-10-13T08:31:01",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:22.817Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20805 (GCVE-0-2021-20805)

Vulnerability from cvelistv5

Published

2021-10-13 08:31

Modified

2024-08-03 17:53

Severity ?

CWE

Cross-site scripting

Summary

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

References

URL

Tags

	https://jvn.jp/en/jp/JVN52694228/index.html	x_refsource_MISC
	https://kb.cybozu.support/article/37431	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Cybozu, Inc.	Cybozu Remote Service	Version: 3.1.7 to 3.1.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:22.671Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/37431"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Remote Service",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.1.7 to 3.1.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-13T08:31:03",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/37431"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20805",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Remote Service",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.1.7 to 3.1.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN52694228/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/37431",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/37431"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20805",
    "datePublished": "2021-10-13T08:31:03",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:22.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20807 (GCVE-0-2021-20807)

Vulnerability from cvelistv5

Published

2021-10-13 08:31

Modified

2024-08-03 17:53

Severity ?

CWE

Cross-site scripting

Summary

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote attacker to inject an arbitrary script via unspecified vectors.

References

URL

Tags

	https://jvn.jp/en/jp/JVN52694228/index.html	x_refsource_MISC
	https://kb.cybozu.support/article/37430	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Cybozu, Inc.	Cybozu Remote Service	Version: 3.0.0 to 3.1.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:22.642Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/37430"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Remote Service",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.0 to 3.1.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote attacker to inject an arbitrary script via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-13T08:31:06",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/37430"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20807",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Remote Service",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.0.0 to 3.1.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote attacker to inject an arbitrary script via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN52694228/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/37430",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/37430"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20807",
    "datePublished": "2021-10-13T08:31:06",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:22.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20797 (GCVE-0-2021-20797)

Vulnerability from cvelistv5

Published

2021-10-13 08:30

Modified

2024-08-03 17:53

Severity ?

CWE

Cross-site script inclusion vulnerability

Summary

Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox.

References

URL

Tags

	https://jvn.jp/en/jp/JVN52694228/index.html	x_refsource_MISC
	https://kb.cybozu.support/article/37429	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Cybozu, Inc.	Cybozu Remote Service	Version: 3.1.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:23.130Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/37429"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Remote Service",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.1.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site script inclusion vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-13T08:30:50",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/37429"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20797",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Remote Service",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.1.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site script inclusion vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN52694228/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/37429",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/37429"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20797",
    "datePublished": "2021-10-13T08:30:50",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:23.130Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20800 (GCVE-0-2021-20800)

Vulnerability from cvelistv5

Published

2021-10-13 08:30

Modified

2024-08-03 17:53

Severity ?

CWE

Cross-site scripting

Summary

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

References

URL

Tags

	https://jvn.jp/en/jp/JVN52694228/index.html	x_refsource_MISC
	https://kb.cybozu.support/article/37420	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Cybozu, Inc.	Cybozu Remote Service	Version: 3.1.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:22.451Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/37420"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Remote Service",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.1.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-13T08:30:55",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/37420"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20800",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Remote Service",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.1.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN52694228/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/37420",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/37420"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20800",
    "datePublished": "2021-10-13T08:30:55",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:22.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20799 (GCVE-0-2021-20799)

Vulnerability from cvelistv5

Published

2021-10-13 08:30

Modified

2024-08-03 17:53

Severity ?

CWE

Cross-site scripting

Summary

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

References

URL

Tags

	https://jvn.jp/en/jp/JVN52694228/index.html	x_refsource_MISC
	https://kb.cybozu.support/article/37425	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Cybozu, Inc.	Cybozu Remote Service	Version: 3.1.8 to 3.1.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:22.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/37425"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Remote Service",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.1.8 to 3.1.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-13T08:30:53",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/37425"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20799",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Remote Service",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.1.8 to 3.1.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN52694228/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/37425",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/37425"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20799",
    "datePublished": "2021-10-13T08:30:53",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:22.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20796 (GCVE-0-2021-20796)

Vulnerability from cvelistv5

Published

2021-10-13 08:30

Modified

2024-08-03 17:53

Severity ?

CWE

Directory traversal

Summary

Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to upload an arbitrary file via unspecified vectors.

References

URL

Tags

	https://jvn.jp/en/jp/JVN52694228/index.html	x_refsource_MISC
	https://kb.cybozu.support/article/37427	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Cybozu, Inc.	Cybozu Remote Service	Version: 3.1.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:22.583Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/37427"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Remote Service",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.1.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to upload an arbitrary file via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-13T08:30:48",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/37427"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20796",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Remote Service",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.1.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to upload an arbitrary file via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Directory traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN52694228/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/37427",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/37427"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20796",
    "datePublished": "2021-10-13T08:30:49",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:22.583Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20803 (GCVE-0-2021-20803)

Vulnerability from cvelistv5

Published

2021-10-13 08:31

Modified

2024-08-03 17:53

Severity ?

CWE

Access controls issue

Summary

Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to alter the data of the management screen.

References

URL

Tags

	https://jvn.jp/en/jp/JVN52694228/index.html	x_refsource_MISC
	https://kb.cybozu.support/article/37421	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Cybozu, Inc.	Cybozu Remote Service	Version: 3.1.8 to 3.1.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:22.318Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/37421"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Remote Service",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.1.8 to 3.1.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to alter the data of the management screen."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Access controls issue",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-13T08:31:00",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/37421"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20803",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Remote Service",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.1.8 to 3.1.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to alter the data of the management screen."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Access controls issue"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN52694228/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/37421",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/37421"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20803",
    "datePublished": "2021-10-13T08:31:00",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:22.318Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20798 (GCVE-0-2021-20798)

Vulnerability from cvelistv5

Published

2021-10-13 08:30

Modified

2024-08-03 17:53

Severity ?

CWE

Cross-site scripting

Summary

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

References

URL

Tags

	https://jvn.jp/en/jp/JVN52694228/index.html	x_refsource_MISC
	https://kb.cybozu.support/article/37424	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Cybozu, Inc.	Cybozu Remote Service	Version: 3.1.8 to 3.1.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:22.814Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/37424"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Remote Service",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.1.8 to 3.1.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-13T08:30:52",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/37424"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20798",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Remote Service",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.1.8 to 3.1.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN52694228/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN52694228/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/37424",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/37424"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20798",
    "datePublished": "2021-10-13T08:30:52",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:22.814Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

jvndb-2021-000088

Vulnerability from jvndb

CVE-2022-26838 (GCVE-0-2022-26838)

Vulnerability from cvelistv5

CVE-2021-20795 (GCVE-0-2021-20795)

Vulnerability from cvelistv5

CVE-2021-20806 (GCVE-0-2021-20806)

Vulnerability from cvelistv5

CVE-2021-20801 (GCVE-0-2021-20801)

Vulnerability from cvelistv5

CVE-2021-20802 (GCVE-0-2021-20802)

Vulnerability from cvelistv5

CVE-2021-20804 (GCVE-0-2021-20804)

Vulnerability from cvelistv5

CVE-2021-20805 (GCVE-0-2021-20805)

Vulnerability from cvelistv5

CVE-2021-20807 (GCVE-0-2021-20807)

Vulnerability from cvelistv5

CVE-2021-20797 (GCVE-0-2021-20797)

Vulnerability from cvelistv5

CVE-2021-20800 (GCVE-0-2021-20800)

Vulnerability from cvelistv5

CVE-2021-20799 (GCVE-0-2021-20799)

Vulnerability from cvelistv5

CVE-2021-20796 (GCVE-0-2021-20796)

Vulnerability from cvelistv5

CVE-2021-20803 (GCVE-0-2021-20803)

Vulnerability from cvelistv5

CVE-2021-20798 (GCVE-0-2021-20798)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature