Vulnerabilites related to cybozu - mailwise
CVE-2013-4698 (GCVE-0-2013-4698)
Vulnerability from cvelistv5
Published
2013-08-16 01:00
Modified
2024-09-17 02:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users to obtain sensitive e-mail content intended for different persons in opportunistic circumstances by reading Subject header lines within the user's own mailbox.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:26.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2013-000077",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20130812up02.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN21103639/374951/index.html"
},
{
"name": "JVN#21103639",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN21103639/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users to obtain sensitive e-mail content intended for different persons in opportunistic circumstances by reading Subject header lines within the user\u0027s own mailbox."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-16T01:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2013-000077",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cs.cybozu.co.jp/information/20130812up02.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jvn.jp/en/jp/JVN21103639/374951/index.html"
},
{
"name": "JVN#21103639",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN21103639/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-4698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users to obtain sensitive e-mail content intended for different persons in opportunistic circumstances by reading Subject header lines within the user\u0027s own mailbox."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2013-000077",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000077"
},
{
"name": "http://cs.cybozu.co.jp/information/20130812up02.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/20130812up02.php"
},
{
"name": "http://jvn.jp/en/jp/JVN21103639/374951/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN21103639/374951/index.html"
},
{
"name": "JVN#21103639",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN21103639/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-4698",
"datePublished": "2013-08-16T01:00:00Z",
"dateReserved": "2013-06-26T00:00:00Z",
"dateUpdated": "2024-09-17T02:42:32.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2305 (GCVE-0-2013-2305)
Vulnerability from cvelistv5
Published
2013-04-25 10:00
Modified
2024-09-16 16:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:36:45.709Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20130415up10.php"
},
{
"name": "JVN#06251813",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN06251813/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN06251813/374951/index.html"
},
{
"name": "JVNDB-2013-000034",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-25T10:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cs.cybozu.co.jp/information/20130415up10.php"
},
{
"name": "JVN#06251813",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN06251813/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jvn.jp/en/jp/JVN06251813/374951/index.html"
},
{
"name": "JVNDB-2013-000034",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-2305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20130415up10.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/20130415up10.php"
},
{
"name": "JVN#06251813",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN06251813/index.html"
},
{
"name": "http://jvn.jp/en/jp/JVN06251813/374951/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN06251813/374951/index.html"
},
{
"name": "JVNDB-2013-000034",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-2305",
"datePublished": "2013-04-25T10:00:00Z",
"dateReserved": "2013-03-04T00:00:00Z",
"dateUpdated": "2024-09-16T16:18:26.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4841 (GCVE-0-2016-4841)
Vulnerability from cvelistv5
Published
2017-04-21 14:00
Modified
2024-08-06 00:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:39:26.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9607"
},
{
"name": "92459",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92459"
},
{
"name": "JVNDB-2016-000135",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000135.html"
},
{
"name": "JVN#01353821",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN01353821/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-21T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9607"
},
{
"name": "92459",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92459"
},
{
"name": "JVNDB-2016-000135",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000135.html"
},
{
"name": "JVN#01353821",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN01353821/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9607",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9607"
},
{
"name": "92459",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92459"
},
{
"name": "JVNDB-2016-000135",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000135.html"
},
{
"name": "JVN#01353821",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN01353821/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4841",
"datePublished": "2017-04-21T14:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T00:39:26.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1334 (GCVE-0-2011-1334)
Vulnerability from cvelistv5
Published
2011-06-29 17:00
Modified
2024-09-17 01:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the mail system."
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:34.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0019.html"
},
{
"name": "73317",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/73317"
},
{
"name": "48446",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48446"
},
{
"name": "JVN#54074460",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN54074460/index.html"
},
{
"name": "45043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45043"
},
{
"name": "JVNDB-2011-000046",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"downloading graphic files from the mail system.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-06-29T17:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0019.html"
},
{
"name": "73317",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/73317"
},
{
"name": "48446",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48446"
},
{
"name": "JVN#54074460",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN54074460/index.html"
},
{
"name": "45043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45043"
},
{
"name": "JVNDB-2011-000046",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-1334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"downloading graphic files from the mail system.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cybozu.co.jp/products/dl/notice/detail/0019.html",
"refsource": "CONFIRM",
"url": "http://cybozu.co.jp/products/dl/notice/detail/0019.html"
},
{
"name": "73317",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/73317"
},
{
"name": "48446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48446"
},
{
"name": "JVN#54074460",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN54074460/index.html"
},
{
"name": "45043",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45043"
},
{
"name": "JVNDB-2011-000046",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-1334",
"datePublished": "2011-06-29T17:00:00Z",
"dateReserved": "2011-03-09T00:00:00Z",
"dateUpdated": "2024-09-17T01:16:50.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5314 (GCVE-0-2014-5314)
Vulnerability from cvelistv5
Published
2014-11-24 02:00
Modified
2024-08-06 11:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:48.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62248",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62248"
},
{
"name": "JVN#14691234",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN14691234/index.html"
},
{
"name": "JVNDB-2014-000130",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000130"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2014/1110-2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-12T19:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "62248",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62248"
},
{
"name": "JVN#14691234",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN14691234/index.html"
},
{
"name": "JVNDB-2014-000130",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000130"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cs.cybozu.co.jp/2014/1110-2.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-5314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62248",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62248"
},
{
"name": "JVN#14691234",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN14691234/index.html"
},
{
"name": "JVNDB-2014-000130",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000130"
},
{
"name": "https://cs.cybozu.co.jp/2014/1110-2.html",
"refsource": "CONFIRM",
"url": "https://cs.cybozu.co.jp/2014/1110-2.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-5314",
"datePublished": "2014-11-24T02:00:00",
"dateReserved": "2014-08-18T00:00:00",
"dateUpdated": "2024-08-06T11:41:48.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4842 (GCVE-0-2016-4842)
Vulnerability from cvelistv5
Published
2017-04-20 18:00
Modified
2024-08-06 00:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:39:26.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9606"
},
{
"name": "JVNDB-2016-000136",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000136.html"
},
{
"name": "JVN#02576342",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN02576342/index.html"
},
{
"name": "92460",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-20T17:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9606"
},
{
"name": "JVNDB-2016-000136",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000136.html"
},
{
"name": "JVN#02576342",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN02576342/index.html"
},
{
"name": "92460",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92460"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9606",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9606"
},
{
"name": "JVNDB-2016-000136",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000136.html"
},
{
"name": "JVN#02576342",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN02576342/index.html"
},
{
"name": "92460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92460"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4842",
"datePublished": "2017-04-20T18:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T00:39:26.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0702 (GCVE-0-2018-0702)
Vulnerability from cvelistv5
Published
2019-01-09 22:00
Modified
2024-08-05 03:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Directory traversal
Summary
Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Mailwise |
Version: 5.0.0 to 5.4.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:48.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/34135/"
},
{
"name": "JVN#83739174",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN83739174/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Mailwise",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.4.5"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/34135/"
},
{
"name": "JVN#83739174",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN83739174/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Mailwise",
"version": {
"version_data": [
{
"version_value": "5.0.0 to 5.4.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cybozu.support/article/34135/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/34135/"
},
{
"name": "JVN#83739174",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN83739174/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0702",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:35:48.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5572 (GCVE-0-2020-5572)
Vulnerability from cvelistv5
Published
2020-05-29 08:40
Modified
2024-08-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Android App 'Mailwise for Android' |
Version: 1.0.0 to 1.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36411/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN78745667/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android App \u0027Mailwise for Android\u0027",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "1.0.0 to 1.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Android App \u0027Mailwise for Android\u0027 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T08:40:17",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36411/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN78745667/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android App \u0027Mailwise for Android\u0027",
"version": {
"version_data": [
{
"version_value": "1.0.0 to 1.0.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Android App \u0027Mailwise for Android\u0027 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cybozu.support/article/36411/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36411/"
},
{
"name": "https://jvn.jp/en/jp/JVN78745667/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN78745667/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5572",
"datePublished": "2020-05-29T08:40:17",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4491 (GCVE-0-2006-4491)
Vulnerability from cvelistv5
Published
2006-08-31 22:00
Modified
2024-08-07 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in Cybozu Collaborex, AG before 1.2(1.5), AG Pocket before 5.2(0.8), Mailwise before 3.0(0.3), and Garoon 1 before 1.5(4.1) allows remote authenticated users to read arbitrary files via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:47.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#90420168",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2390420168/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cybozu.co.jp/products/dl/notice_060825/"
},
{
"name": "28262",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28262"
},
{
"name": "1016759",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016759"
},
{
"name": "21638",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21638"
},
{
"name": "21656",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21656"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cybozu Collaborex, AG before 1.2(1.5), AG Pocket before 5.2(0.8), Mailwise before 3.0(0.3), and Garoon 1 before 1.5(4.1) allows remote authenticated users to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-11T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "JVN#90420168",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2390420168/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cybozu.co.jp/products/dl/notice_060825/"
},
{
"name": "28262",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28262"
},
{
"name": "1016759",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016759"
},
{
"name": "21638",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21638"
},
{
"name": "21656",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21656"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cybozu Collaborex, AG before 1.2(1.5), AG Pocket before 5.2(0.8), Mailwise before 3.0(0.3), and Garoon 1 before 1.5(4.1) allows remote authenticated users to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#90420168",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2390420168/index.html"
},
{
"name": "http://cybozu.co.jp/products/dl/notice_060825/",
"refsource": "CONFIRM",
"url": "http://cybozu.co.jp/products/dl/notice_060825/"
},
{
"name": "28262",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28262"
},
{
"name": "1016759",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016759"
},
{
"name": "21638",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21638"
},
{
"name": "21656",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21656"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4491",
"datePublished": "2006-08-31T22:00:00",
"dateReserved": "2006-08-31T00:00:00",
"dateUpdated": "2024-08-07T19:14:47.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4843 (GCVE-0-2016-4843)
Vulnerability from cvelistv5
Published
2017-04-20 18:00
Modified
2024-08-06 00:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:39:26.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#03052683",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN03052683/index.html"
},
{
"name": "92461",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92461"
},
{
"name": "JVNDB-2016-000137",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000137.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9654"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-20T17:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#03052683",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN03052683/index.html"
},
{
"name": "92461",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92461"
},
{
"name": "JVNDB-2016-000137",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000137.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9654"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#03052683",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN03052683/index.html"
},
{
"name": "92461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92461"
},
{
"name": "JVNDB-2016-000137",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000137.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9654",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9654"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4843",
"datePublished": "2017-04-20T18:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T00:39:26.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4844 (GCVE-0-2016-4844)
Vulnerability from cvelistv5
Published
2017-04-20 18:00
Modified
2024-08-06 00:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:39:26.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#04125292",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN04125292/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9605"
},
{
"name": "92462",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92462"
},
{
"name": "JVNDB-2016-000138",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000138.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-20T17:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#04125292",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN04125292/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9605"
},
{
"name": "92462",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92462"
},
{
"name": "JVNDB-2016-000138",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000138.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#04125292",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN04125292/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9605",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9605"
},
{
"name": "92462",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92462"
},
{
"name": "JVNDB-2016-000138",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000138.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4844",
"datePublished": "2017-04-20T18:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T00:39:26.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0559 (GCVE-0-2018-0559)
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Mailwise |
Version: 5.0.0 to 5.4.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#52319657",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN52319657/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/10196"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Mailwise",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.4.1"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML \u0027Address\u0027 via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#52319657",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN52319657/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/10196"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Mailwise",
"version": {
"version_data": [
{
"version_value": "5.0.0 to 5.4.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML \u0027Address\u0027 via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#52319657",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN52319657/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/10196",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/10196"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0559",
"datePublished": "2018-06-26T14:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0557 (GCVE-0-2018-0557)
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Mailwise |
Version: 5.0.0 to 5.4.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#52319657",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN52319657/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/10194"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Mailwise",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.4.1"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML \u0027E-mail Details Screen\u0027 via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#52319657",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN52319657/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/10194"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Mailwise",
"version": {
"version_data": [
{
"version_value": "5.0.0 to 5.4.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML \u0027E-mail Details Screen\u0027 via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#52319657",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN52319657/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/10194",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/10194"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0557",
"datePublished": "2018-06-26T14:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0558 (GCVE-0-2018-0558)
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Mailwise |
Version: 5.0.0 to 5.4.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#52319657",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN52319657/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/10193"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Mailwise",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.4.1"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in \u0027System settings\u0027 via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#52319657",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN52319657/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/10193"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Mailwise",
"version": {
"version_data": [
{
"version_value": "5.0.0 to 5.4.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in \u0027System settings\u0027 via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#52319657",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN52319657/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/10193",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/10193"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0558",
"datePublished": "2018-06-26T14:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2014-11-24 02:59
Modified
2025-04-12 10:46
Severity ?
Summary
Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:office:*:*:*:*:*:*:*:*",
"matchCriteriaId": "142452AB-E9B0-4E43-AD9C-474FB5C51528",
"versionEndIncluding": "10.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B029709C-5ED7-4F29-8DA9-AFF9D678429F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:dezie:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14A8A40C-FA58-487B-A2B2-CA1B14AC67A1",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:mailwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD43C232-8895-43B5-9E99-BCAAF1A6B5D6",
"versionEndIncluding": "5.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15C487FD-CFC3-4E63-8E8D-0DFD4BEF678D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en Cybozu Office 9 y 10 anterior a 10.1.0, Mailwise 4 y 5 anterior a 5.1.4, y Dezie 8 anterior a 8.1.1 permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de mensajes de email."
}
],
"id": "CVE-2014-5314",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-24T02:59:00.083",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN14691234/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000130"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://secunia.com/advisories/62248"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2014/1110-2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN14691234/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000130"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2014/1110-2.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-09 23:29
Modified
2024-11-21 03:38
Severity ?
Summary
Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN83739174/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/34135/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN83739174/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/34135/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:mailwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68C1F7AD-44FD-4FAC-8B60-3DB7F49072C1",
"versionEndIncluding": "5.4.5",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en Cybozu Mailwise, desde la versi\u00f3n 5.0.0 hasta la 5.4.5, que permite que un atacante remoto elimine archivos arbitrarios mediante vectores sin especificar."
}
],
"id": "CVE-2018-0702",
"lastModified": "2024-11-21T03:38:46.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-09T23:29:02.077",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN83739174/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/34135/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN83739174/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/34135/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-16 01:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users to obtain sensitive e-mail content intended for different persons in opportunistic circumstances by reading Subject header lines within the user's own mailbox.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "591C09B6-73E2-42A7-A2AD-AE703DDBE06E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "645BE048-9DB7-44F3-A75D-0552C292E8B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users to obtain sensitive e-mail content intended for different persons in opportunistic circumstances by reading Subject header lines within the user\u0027s own mailbox."
},
{
"lang": "es",
"value": "Cybozu Mailwise v5.0.4 y v5.0.5 permite a los usuarios remotos autenticados obtener contenidos de e-mails sensibles destinados a diferentes personas en circunstancias oportunas mediante la lectura de las l\u00edneas de encabezado de asunto en el propio buz\u00f3n del usuario."
}
],
"id": "CVE-2013-4698",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-16T01:55:16.600",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/20130812up02.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN21103639/374951/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN21103639/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/20130812up02.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN21103639/374951/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN21103639/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000077"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-20 18:59
Modified
2025-04-20 01:37
Severity ?
Summary
Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN04125292/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000138.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/92462 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9605 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN04125292/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000138.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92462 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9605 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | mailwise | 5.0.0 | |
| cybozu | mailwise | 5.0.1 | |
| cybozu | mailwise | 5.0.4 | |
| cybozu | mailwise | 5.0.5 | |
| cybozu | mailwise | 5.0.6 | |
| cybozu | mailwise | 5.1.0 | |
| cybozu | mailwise | 5.1.1 | |
| cybozu | mailwise | 5.1.2 | |
| cybozu | mailwise | 5.1.4 | |
| cybozu | mailwise | 5.2.0 | |
| cybozu | mailwise | 5.2.1 | |
| cybozu | mailwise | 5.3.0 | |
| cybozu | mailwise | 5.3.1 | |
| cybozu | mailwise | 5.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F066F85C-F84C-45DA-87CC-0C8202C00460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3956F26C-233C-4A7F-9745-14A2CEB6F4CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "591C09B6-73E2-42A7-A2AD-AE703DDBE06E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "645BE048-9DB7-44F3-A75D-0552C292E8B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F9479A2D-4EF3-4E9B-9AB9-9D2047F46A08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83DF50B7-3651-42A2-B7CB-314D18DA068C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E95A740-7F86-472A-9925-69A7F30BD1A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C767208D-84D8-44F0-85E3-9815CC1FED54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "71146EC4-726F-4D95-8590-17703FD40DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22B4478B-BD20-4472-8934-2DA5FA854C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF436BB-5A1A-4FEB-9E46-B27DBA8151B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "146FB304-DC98-440F-8EF4-643B077A857A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC12232-C103-4F2C-B639-ED5DA2B5DFE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A7D360-F236-4C5A-A059-4A21AF98C90E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks."
},
{
"lang": "es",
"value": "Cybozu Mailwise en versiones anteriores a 5.4.0 permite a atacantes remotos conducir ataques de clickjacking."
}
],
"id": "CVE-2016-4844",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-20T18:59:00.687",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN04125292/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000138.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92462"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN04125292/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000138.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9605"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-20 18:59
Modified
2025-04-20 01:37
Severity ?
Summary
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN02576342/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000136.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/92460 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9606 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN02576342/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000136.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92460 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9606 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | mailwise | 5.0.0 | |
| cybozu | mailwise | 5.0.1 | |
| cybozu | mailwise | 5.0.4 | |
| cybozu | mailwise | 5.0.5 | |
| cybozu | mailwise | 5.0.6 | |
| cybozu | mailwise | 5.1.0 | |
| cybozu | mailwise | 5.1.1 | |
| cybozu | mailwise | 5.1.2 | |
| cybozu | mailwise | 5.1.4 | |
| cybozu | mailwise | 5.2.0 | |
| cybozu | mailwise | 5.2.1 | |
| cybozu | mailwise | 5.3.0 | |
| cybozu | mailwise | 5.3.1 | |
| cybozu | mailwise | 5.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F066F85C-F84C-45DA-87CC-0C8202C00460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3956F26C-233C-4A7F-9745-14A2CEB6F4CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "591C09B6-73E2-42A7-A2AD-AE703DDBE06E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "645BE048-9DB7-44F3-A75D-0552C292E8B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F9479A2D-4EF3-4E9B-9AB9-9D2047F46A08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83DF50B7-3651-42A2-B7CB-314D18DA068C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E95A740-7F86-472A-9925-69A7F30BD1A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C767208D-84D8-44F0-85E3-9815CC1FED54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "71146EC4-726F-4D95-8590-17703FD40DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22B4478B-BD20-4472-8934-2DA5FA854C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF436BB-5A1A-4FEB-9E46-B27DBA8151B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "146FB304-DC98-440F-8EF4-643B077A857A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC12232-C103-4F2C-B639-ED5DA2B5DFE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A7D360-F236-4C5A-A059-4A21AF98C90E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read."
},
{
"lang": "es",
"value": "Cybozu Mailwise en versiones anteriores a 5.4.0 permite a atacantes remotos obtener informaci\u00f3n cuando un email es le\u00eddo."
}
],
"id": "CVE-2016-4842",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-20T18:59:00.607",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN02576342/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000136.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92460"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN02576342/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000136.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9606"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-06-29 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the mail system."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | office | 6 | |
| cybozu | garoon | 2.0.0 | |
| cybozu | garoon | 2.0.1 | |
| cybozu | garoon | 2.0.2 | |
| cybozu | garoon | 2.0.3 | |
| cybozu | garoon | 2.0.4 | |
| cybozu | garoon | 2.0.5 | |
| cybozu | garoon | 2.0.6 | |
| cybozu | garoon | 2.1.0 | |
| cybozu | garoon | 2.1.1 | |
| cybozu | garoon | 2.1.2 | |
| cybozu | garoon | 2.1.3 | |
| cybozu | dezie | * | |
| cybozu | dezie | 1.0 | |
| cybozu | dezie | 2.0 | |
| cybozu | dezie | 3.0 | |
| cybozu | dezie | 4.0 | |
| cybozu | dezie | 5.0 | |
| cybozu | dezie | 5.1 | |
| cybozu | mailwise | * | |
| cybozu | mailwise | 1.0 | |
| cybozu | mailwise | 2.0 | |
| cybozu | mailwise | 2.1 | |
| cybozu | collaborex | * | |
| cybozu | collaborex | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:office:6:*:*:*:*:*:*:*",
"matchCriteriaId": "840B6B7E-3894-42FE-9703-9F58E3E1C343",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1556F99E-1609-44FF-83F0-F43FBDE738A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "348C389E-ADFD-4D2C-AA54-220664EA2755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48F3F19B-25A7-4E9E-9961-1F7C8DBC0327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08AE0E10-87A4-4862-A873-A943F44A9862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C88D773E-B6DE-4FD2-A911-0D13C6CA902C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C846A750-F26E-4F1F-85A3-F95BCC9F8A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2E139B6A-2F36-4EB5-BA1F-84D67C89E935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F585001-37C9-42F5-8B13-56827E6AC785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FD3F43-9ECA-4815-8BDC-B9DAC07E9400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5F2D43-8B67-4D84-94AF-262F6D66F2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "277403E7-3CD9-458C-9669-FB983FF94568",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:dezie:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A008D879-B6CC-4B4E-AC09-2EE95C766C97",
"versionEndIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:dezie:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AF84B9B-33F4-4AC2-BD73-75F534C2C44F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:dezie:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "215F885A-9E88-4A1A-9DC2-D3F0C49D5EEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:dezie:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "485DBA87-EC8A-42B7-A733-75DCC80D582F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:dezie:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8402C259-A94C-4565-8966-A7EBC6309D78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:dezie:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FB82E3-EA14-4A4A-949A-FCB0FDF53933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:dezie:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E63153C-484C-408A-B147-BB25D93F3B19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:mailwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B063F64-8A73-4D16-B6CB-FC832CAA91F2",
"versionEndIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51929894-F74C-4F8D-A12F-73CBA4FED396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE25F18D-2317-4646-A00A-D627E3BF3868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A28D9F5-6A27-42B5-8640-8560D68D930E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:collaborex:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1271BA9-9FD3-444C-B36F-68B4C0AA3189",
"versionEndIncluding": "1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:collaborex:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A910D1FE-CBF2-4AF5-B322-A1B87E53D75F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"downloading graphic files from the mail system.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Cybozu Office v6, Cybozu Garoon v2.0.0 hasta v2.1.3, Cybozu Dezie antes de v6.1, Cybozu MailWise antes de v3.1, y Cybozu Collaborex antes de v1.5 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores relacionados con \"la descarga de archivos gr\u00e1ficos desde el sistema de correo\"."
}
],
"id": "CVE-2011-1334",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-06-29T17:55:02.877",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0019.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN54074460/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45043"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.osvdb.org/73317"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.securityfocus.com/bid/48446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN54074460/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/73317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/48446"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-31 22:04
Modified
2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in Cybozu Collaborex, AG before 1.2(1.5), AG Pocket before 5.2(0.8), Mailwise before 3.0(0.3), and Garoon 1 before 1.5(4.1) allows remote authenticated users to read arbitrary files via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | collaborex | * | |
| cybozu | cybozu_ag | 1.2\(1.4\) | |
| cybozu | cybozu_pocket | 5.2\(0.7\) | |
| cybozu | garoon_1 | 1.5\(4.0\) | |
| cybozu | mailwise | 3.0\(0.2\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:collaborex:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CED5BAA4-1DD1-4DC3-A777-1402E55ED4CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_ag:1.2\\(1.4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3AE1109F-8CB8-4844-AAEA-00C28DA8A495",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_pocket:5.2\\(0.7\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B1A8DF13-14FD-4BF2-BF6A-B931C319DA12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon_1:1.5\\(4.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CD557756-9B60-4983-AE38-74EF6C2B3C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:3.0\\(0.2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CAB86035-A71A-4198-BADF-CA6723F2209E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cybozu Collaborex, AG before 1.2(1.5), AG Pocket before 5.2(0.8), Mailwise before 3.0(0.3), and Garoon 1 before 1.5(4.1) allows remote authenticated users to read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de atravesamiento de directorios en Cybozu Collaborex, AG anterior a 1.2(1.5), AG Pocket anterior a 5.2(0.8), Mailwise anterior a 3.0(0.3), y Garoon 1 anterior a 1.5(4.1) permite a usuarios remotos autenticados leer archivos de su elecci\u00f3n mediante vectores no especificados."
}
],
"id": "CVE-2006-4491",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-31T22:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://cybozu.co.jp/products/dl/notice_060825/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://jvn.jp/jp/JVN%2390420168/index.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21638"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21656"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1016759"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/28262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://cybozu.co.jp/products/dl/notice_060825/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://jvn.jp/jp/JVN%2390420168/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1016759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28262"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-04-25 10:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | cybozu_office | * | |
| cybozu | cybozu_office | 6 | |
| cybozu | cybozu_office | 7 | |
| cybozu | cybozu_office | 9 | |
| cybozu | cybozu_office | 9.2.1 | |
| cybozu | cybozu_dezie | * | |
| cybozu | cybozu_dezie | 8.0.0 | |
| cybozu | cybozu_dezie | 8.0.1 | |
| cybozu | cybozu_dezie | 8.0.2 | |
| cybozu | cybozu_dezie | 8.0.3 | |
| cybozu | cybozu_dezie | 8.0.4 | |
| cybozu | cybozu_dezie | 8.0.5 | |
| cybozu | mailwise | * | |
| cybozu | mailwise | 1.0 | |
| cybozu | mailwise | 2.0 | |
| cybozu | mailwise | 2.1 | |
| cybozu | mailwise | 3.0 | |
| cybozu | mailwise | 3.0\(0.2\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:cybozu_office:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35E7F6E6-4DFC-41D3-A23C-CDC9555AB5BB",
"versionEndIncluding": "8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_office:6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0B6B282-E664-4629-B028-C04CAB527D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_office:7:*:*:*:*:*:*:*",
"matchCriteriaId": "60CD7A78-766B-4137-842F-BC666434BDF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_office:9:*:*:*:*:*:*:*",
"matchCriteriaId": "DF14835A-C823-4D8B-9908-EBEDED7C713A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_office:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "687E7EFF-4B7C-4F58-9B45-30C40E438621",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:cybozu_dezie:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FADBC1A-D485-45C8-AEC6-3C50E2C4A472",
"versionEndIncluding": "8.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_dezie:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B27EBAB0-63CC-42FC-A1B5-685EDE65C7DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_dezie:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "216BA4D1-6D06-4AE2-9F15-82868CC3A17B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_dezie:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D09EA8-D423-4105-B5E5-0396F0EBE0A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_dezie:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "318E023B-104E-49C8-81D3-2ACD57788A7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_dezie:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B8651495-0B9A-4F6E-B3D3-9F666A9302D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_dezie:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "64C34368-EA05-4ECF-944F-260FFEEFF70C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:mailwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "689C0D4C-B10B-4DC9-B779-20FC993344E4",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51929894-F74C-4F8D-A12F-73CBA4FED396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE25F18D-2317-4646-A00A-D627E3BF3868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A28D9F5-6A27-42B5-8640-8560D68D930E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25E13BA8-A41F-4406-BBB3-8B2D969FB8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:3.0\\(0.2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CAB86035-A71A-4198-BADF-CA6723F2209E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords."
},
{
"lang": "es",
"value": "Falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Cybozu Office antes de v8.1.6 y v9.x antes de v9.3.0, Cybozu Dezie antes de v8.0.7 y Cybozu Mailwise antes de v5.0.4 permite a atacantes remotos secuestrar la autenticaci\u00f3n de los usuarios arbitrarios para pide que el cambio de contrase\u00f1as."
}
],
"id": "CVE-2013-2305",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-04-25T10:55:02.210",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/20130415up10.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN06251813/374951/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN06251813/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/20130415up10.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN06251813/374951/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN06251813/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-29 09:15
Modified
2024-11-21 05:34
Severity ?
Summary
Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN78745667/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36411/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN78745667/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36411/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:mailwise:*:*:*:*:*:android:*:*",
"matchCriteriaId": "1CA2F44C-AA91-4B4F-8803-C5D3DDF5D0C9",
"versionEndIncluding": "1.0.1",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Android App \u0027Mailwise for Android\u0027 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors."
},
{
"lang": "es",
"value": "Android App \"Mailwise for Android\" versiones 1.0.0 hasta 2.5, permite a un atacante obtener informaci\u00f3n de credenciales registrada en el producto por medio de vectores no especificados."
}
],
"id": "CVE-2020-5572",
"lastModified": "2024-11-21T05:34:17.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-29T09:15:09.487",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN78745667/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36411/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN78745667/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36411/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-26 14:29
Modified
2024-11-21 03:38
Severity ?
Summary
Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN52319657/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/10194 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN52319657/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/10194 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:mailwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "166D12B7-EC79-4667-BD32-C72E3F5F3696",
"versionEndIncluding": "5.4.1",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML \u0027E-mail Details Screen\u0027 via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-Site Scripting (XSS) persistente en Cybozu Mailwise, de la versi\u00f3n 5.0.0 a la 5.4.1, permite que atacantes remotos autenticados inyecte scripts web o HTML \"E-mail Details Screen\" arbitrarios mediante vectores sin especificar."
}
],
"id": "CVE-2018-0557",
"lastModified": "2024-11-21T03:38:28.447",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-26T14:29:00.427",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN52319657/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/10194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN52319657/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/10194"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-21 14:59
Modified
2025-04-20 01:37
Severity ?
Summary
Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN01353821/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000135.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/92459 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9607 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN01353821/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000135.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92459 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9607 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | mailwise | 5.0.0 | |
| cybozu | mailwise | 5.0.1 | |
| cybozu | mailwise | 5.0.4 | |
| cybozu | mailwise | 5.0.5 | |
| cybozu | mailwise | 5.0.6 | |
| cybozu | mailwise | 5.1.0 | |
| cybozu | mailwise | 5.1.1 | |
| cybozu | mailwise | 5.1.2 | |
| cybozu | mailwise | 5.1.4 | |
| cybozu | mailwise | 5.2.0 | |
| cybozu | mailwise | 5.2.1 | |
| cybozu | mailwise | 5.3.0 | |
| cybozu | mailwise | 5.3.1 | |
| cybozu | mailwise | 5.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F066F85C-F84C-45DA-87CC-0C8202C00460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3956F26C-233C-4A7F-9745-14A2CEB6F4CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "591C09B6-73E2-42A7-A2AD-AE703DDBE06E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "645BE048-9DB7-44F3-A75D-0552C292E8B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F9479A2D-4EF3-4E9B-9AB9-9D2047F46A08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83DF50B7-3651-42A2-B7CB-314D18DA068C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E95A740-7F86-472A-9925-69A7F30BD1A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C767208D-84D8-44F0-85E3-9815CC1FED54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "71146EC4-726F-4D95-8590-17703FD40DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22B4478B-BD20-4472-8934-2DA5FA854C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF436BB-5A1A-4FEB-9E46-B27DBA8151B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "146FB304-DC98-440F-8EF4-643B077A857A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC12232-C103-4F2C-B639-ED5DA2B5DFE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A7D360-F236-4C5A-A059-4A21AF98C90E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers."
},
{
"lang": "es",
"value": "Cybozu Mailwise en versiones anteriores a 5.4.0 permite a atacantes inyectar las cabeceras de email arbitrarios."
}
],
"id": "CVE-2016-4841",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-21T14:59:00.460",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN01353821/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000135.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92459"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN01353821/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000135.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9607"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-26 14:29
Modified
2024-11-21 03:38
Severity ?
Summary
Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN52319657/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/10193 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN52319657/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/10193 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:mailwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "166D12B7-EC79-4667-BD32-C72E3F5F3696",
"versionEndIncluding": "5.4.1",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in \u0027System settings\u0027 via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-Site Scripting (XSS) reflejado en Cybozu Mailwise, de la versi\u00f3n 5.0.0 a la 5.4.1, permite que atacantes remotos autenticados inyecte scripts web o HTML arbitrarios en \"System settings\" mediante vectores sin especificar."
}
],
"id": "CVE-2018-0558",
"lastModified": "2024-11-21T03:38:28.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-26T14:29:00.473",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN52319657/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/10193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN52319657/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/10193"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-20 18:59
Modified
2025-04-20 01:37
Severity ?
Summary
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN03052683/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000137.html | VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/92461 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9654 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN03052683/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000137.html | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92461 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9654 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | mailwise | 5.0.0 | |
| cybozu | mailwise | 5.0.1 | |
| cybozu | mailwise | 5.0.4 | |
| cybozu | mailwise | 5.0.5 | |
| cybozu | mailwise | 5.0.6 | |
| cybozu | mailwise | 5.1.0 | |
| cybozu | mailwise | 5.1.1 | |
| cybozu | mailwise | 5.1.2 | |
| cybozu | mailwise | 5.1.4 | |
| cybozu | mailwise | 5.2.0 | |
| cybozu | mailwise | 5.2.1 | |
| cybozu | mailwise | 5.3.0 | |
| cybozu | mailwise | 5.3.1 | |
| cybozu | mailwise | 5.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F066F85C-F84C-45DA-87CC-0C8202C00460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3956F26C-233C-4A7F-9745-14A2CEB6F4CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "591C09B6-73E2-42A7-A2AD-AE703DDBE06E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "645BE048-9DB7-44F3-A75D-0552C292E8B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F9479A2D-4EF3-4E9B-9AB9-9D2047F46A08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83DF50B7-3651-42A2-B7CB-314D18DA068C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E95A740-7F86-472A-9925-69A7F30BD1A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C767208D-84D8-44F0-85E3-9815CC1FED54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "71146EC4-726F-4D95-8590-17703FD40DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22B4478B-BD20-4472-8934-2DA5FA854C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF436BB-5A1A-4FEB-9E46-B27DBA8151B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "146FB304-DC98-440F-8EF4-643B077A857A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC12232-C103-4F2C-B639-ED5DA2B5DFE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A7D360-F236-4C5A-A059-4A21AF98C90E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information."
},
{
"lang": "es",
"value": "Cybozu Mailwise en versiones anteriores a 5.4.0 permite a atacantes remotos obtener informaci\u00f3n sensible de cookies."
}
],
"id": "CVE-2016-4843",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-20T18:59:00.640",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN03052683/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000137.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92461"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN03052683/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000137.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9654"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-26 14:29
Modified
2024-11-21 03:38
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN52319657/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/10196 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN52319657/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/10196 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:mailwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "166D12B7-EC79-4667-BD32-C72E3F5F3696",
"versionEndIncluding": "5.4.1",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML \u0027Address\u0027 via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-Site Scripting (XSS) en Cybozu Mailwise, de la versi\u00f3n 5.0.0 a la 5.4.1, permite que atacantes remotos autenticados inyecte scripts web o HTML arbitrarios en \"Address\" mediante vectores sin especificar."
}
],
"id": "CVE-2018-0559",
"lastModified": "2024-11-21T03:38:28.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-26T14:29:00.537",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN52319657/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/10196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN52319657/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/10196"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}