Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

1 vulnerability found for Cybozu Desktop by Cybozu, Inc.

JVNDB-2020-000034

Vulnerability from jvndb - Published: 2020-05-25 15:09 - Updated:2020-05-25 15:09
Severity ?
8.3 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
Cybozu Desktop for Windows vulenerable to arbitrary code execution
Details
Cybozu Desktop for Windows provided by Cybozu, Inc. contains an arbitrary code execution vulnerability due to the improper data processing when applying the software update. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to Cybozu, Inc. and coordinated. Cybozu, Inc. and JPCERT/CC published respective advisories in order to notify users of this vulnerability.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000034.html",
  "dc:date": "2020-05-25T15:09+09:00",
  "dcterms:issued": "2020-05-25T15:09+09:00",
  "dcterms:modified": "2020-05-25T15:09+09:00",
  "description": "Cybozu Desktop for Windows provided by Cybozu, Inc. contains an arbitrary code execution vulnerability due to the improper data processing when applying the software update.\r\n\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to Cybozu, Inc. and coordinated. Cybozu, Inc. and JPCERT/CC published respective advisories in order to notify users of this vulnerability.",
  "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000034.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:desktop",
    "@product": "Cybozu Desktop",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.1",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "8.3",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2020-000034",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN59552136/index.html",
      "@id": "JVN#59552136",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5537",
      "@id": "CVE-2020-5537",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5537",
      "@id": "CVE-2020-5537",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    }
  ],
  "title": "Cybozu Desktop for Windows vulenerable to arbitrary code execution"
}