Permissions, Privileges, and Access Controls in Cybozu Office

#VU51467 Permissions, Privileges, and Access Controls in Cybozu Office

Published: 2021-03-15

Vulnerability identifier: #VU51467

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-20632

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cybozu Office
Other software / Other software solutions

Vendor: Cybozu

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Bulletin Board. A remote authenticated attacker can obtain the data of Bulletin Board without the viewing privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cybozu Office: 10.0.0 - 10.8.4

CPE

cpe:2.3:a:cybozu:cybozu_office:10.8.4:*:*:*:*:*:*:*

External links
http://jvn.jp/en/jp/JVN45797538/index.html
http://cs.cybozu.co.jp/2021/007306.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Multiple vulnerabilities in Cybozu Office