Vulnerability Details CVE-2010-2029
Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 56.7%
CVSS Severity
CVSS v2 Score 5.8
References
- http://cybozu.co.jp/products/dl/notice/detail/0034.html
- http://jvn.jp/en/jp/JVN87730223/index.html
- http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html
- http://secunia.com/advisories/39508
- http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html
- http://www.osvdb.org/63933
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57976
- http://cybozu.co.jp/products/dl/notice/detail/0034.html
- http://jvn.jp/en/jp/JVN87730223/index.html
- http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html
- http://secunia.com/advisories/39508
- http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html
- http://www.osvdb.org/63933
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57976
Products affected by CVE-2010-2029
-
cpe:2.3:a:cybozu:cybozu_dotsales:*
-
cpe:2.3:a:cybozu:cybozu_office:7