Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone.
References
Configurations
History
21 Nov 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
References | () http://cybozu.co.jp/products/dl/notice/detail/0034.html - | |
References | () http://jvn.jp/en/jp/JVN87730223/index.html - | |
References | () http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html - | |
References | () http://secunia.com/advisories/39508 - Vendor Advisory | |
References | () http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html - | |
References | () http://www.osvdb.org/63933 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/57976 - |
Information
Published : 2010-05-24 19:30
Updated : 2024-11-21 01:15
NVD link : CVE-2010-2029
Mitre link : CVE-2010-2029
CVE.ORG link : CVE-2010-2029
JSON object : View
Products Affected
cybozu
- cybozu_dotsales
- cybozu_office
CWE
CWE-264
Permissions, Privileges, and Access Controls