Vulnerability CVE-2021-20625


Published: 2021-03-18

Description:
Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors.

Type:

CWE-863

(Incorrect Authorization)

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Cybozu -> Office 

 References:
https://jvn.jp/en/jp/JVN45797538/index.html
https://kb.cybozu.support/article/36874/

Copyright 2024, cxsecurity.com

 

Back to Top