Vulnerability CVE-2016-1187


Published: 2017-04-21

Description:
Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.

Vendor: Cybozu
Product: Kunai 
Version:
3.1.5
3.1.4
3.1.3
3.1.2
3.1.1
3.1.0
3.0._5
3.0.7
3.0.6
3.0.4
3.0.3
3.0.2
3.0.1
3.0.0
2.1.3
2.1.2
2.1.1
2.1.0
2.0.5
2.0.4
2.0.3.1
2.0.3

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://jvn.jp/en/jp/JVN11994518/index.html
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000060.html
https://support.cybozu.com/ja-jp/article/9446
https://support.cybozu.com/ja-jp/article/9495

Related CVE
CVE-2018-0567
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors.
CVE-2018-0566
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors.
CVE-2018-0565
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-0559
Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors.
CVE-2018-0558
Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors.
CVE-2018-0557
Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors.
CVE-2018-0529
Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2018-0528
Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.

Copyright 2018, cxsecurity.com

 

Back to Top