Search

Find a vulnerability

Search criteria

    21 vulnerabilities found for Cybozu Mailwise by Cybozu, Inc.

    JVNDB-2020-000035

    Vulnerability from jvndb - Published: 2020-05-29 15:40 - Updated:2020-05-29 15:40
    Severity
    Summary
    Multiples security updates for multiple Cybozu products
    Details
    Cybozu, Inc. has released multiple security updates for multiple Cybozu products. * [CyVDB-2465] Credential Disclosure Vulnerability - CVE-2020-5572 * [CyVDB-2484] Credential Disclosure Vulnerability - CVE-2020-5573 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000035.html",
      "dc:date": "2020-05-29T15:40+09:00",
      "dcterms:issued": "2020-05-29T15:40+09:00",
      "dcterms:modified": "2020-05-29T15:40+09:00",
      "description": "Cybozu, Inc. has released multiple security updates for multiple Cybozu products.\r\n* [CyVDB-2465] Credential Disclosure Vulnerability - CVE-2020-5572\r\n* [CyVDB-2484] Credential Disclosure Vulnerability - CVE-2020-5573\r\n\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000035.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:cybozu:kintone",
          "@product": "kintone",
          "@vendor": "Cybozu, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:cybozu:mailwise",
          "@product": "Cybozu Mailwise",
          "@vendor": "Cybozu, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "2.1",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.6",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2020-000035",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN78745667/index.html",
          "@id": "JVN#78745667",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5572",
          "@id": "CVE-2020-5572",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5573",
          "@id": "CVE-2020-5573",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5572",
          "@id": "CVE-2020-5572",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5573",
          "@id": "CVE-2020-5573",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-200",
          "@title": "Information Exposure(CWE-200)"
        }
      ],
      "title": "Multiples security updates for multiple Cybozu products"
    }

    JVNDB-2018-000119

    Vulnerability from jvndb - Published: 2018-11-14 15:34 - Updated:2019-08-27 13:37
    Severity
    Summary
    Cybozu Mailwise vulnerable to directory traversal
    Details
    Cybozu Mailwise provided by Cybozu, Inc. contains a directory traversal vulnerability (CWE-22) due to a flaw in processing parameter of the HTTP request. Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000119.html",
      "dc:date": "2019-08-27T13:37+09:00",
      "dcterms:issued": "2018-11-14T15:34+09:00",
      "dcterms:modified": "2019-08-27T13:37+09:00",
      "description": "Cybozu Mailwise provided by Cybozu, Inc. contains a directory traversal vulnerability (CWE-22) due to a flaw in processing parameter of the HTTP request.\r\n\r\nYuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000119.html",
      "sec:cpe": {
        "#text": "cpe:/a:cybozu:mailwise",
        "@product": "Cybozu Mailwise",
        "@vendor": "Cybozu, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
          "@version": "2.0"
        },
        {
          "@score": "8.6",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2018-000119",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN83739174/index.html",
          "@id": "JVN#83739174",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0702",
          "@id": "CVE-2018-0702",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0702",
          "@id": "CVE-2018-0702",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        }
      ],
      "title": "Cybozu Mailwise vulnerable to directory traversal"
    }

    JVNDB-2018-000054

    Vulnerability from jvndb - Published: 2018-05-22 15:26 - Updated:2018-08-30 17:47
    Severity
    Summary
    Multiple cross-site scripting vulnerabilities in Cybozu Mailwise
    Details
    Cybozu Mailwise contains multiple cross-site scripting vulnerabilities below. * Stored cross-site scripting vulnerability in "E-mail Details Screen" (CWE-79) - CVE-2018-0557 * Reflected cross-site scripting vulnerability in "System settings" (CWE-79) - CVE-2018-0558 * Reflected cross-site scripting vulnerability in "Address" (CWE-79) - CVE-2018-0559 Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000054.html",
      "dc:date": "2018-08-30T17:47+09:00",
      "dcterms:issued": "2018-05-22T15:26+09:00",
      "dcterms:modified": "2018-08-30T17:47+09:00",
      "description": "Cybozu Mailwise contains multiple cross-site scripting vulnerabilities below. \r\n\r\n* Stored cross-site scripting vulnerability in \"E-mail Details Screen\" (CWE-79) - CVE-2018-0557\r\n* Reflected cross-site scripting vulnerability in \"System settings\" (CWE-79) - CVE-2018-0558\r\n* Reflected cross-site scripting vulnerability in \"Address\" (CWE-79) - CVE-2018-0559\r\n\r\nMasato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000054.html",
      "sec:cpe": {
        "#text": "cpe:/a:cybozu:mailwise",
        "@product": "Cybozu Mailwise",
        "@vendor": "Cybozu, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "6.1",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2018-000054",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN52319657/index.html",
          "@id": "JVN#52319657",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0557",
          "@id": "CVE-2018-0557",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0558",
          "@id": "CVE-2018-0558",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0559",
          "@id": "CVE-2018-0559",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0557",
          "@id": "CVE-2018-0557",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0558",
          "@id": "CVE-2018-0558",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0559",
          "@id": "CVE-2018-0559",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Multiple cross-site scripting vulnerabilities in Cybozu Mailwise"
    }

    JVNDB-2016-000138

    Vulnerability from jvndb - Published: 2016-08-16 14:14 - Updated:2017-05-23 12:01
    Severity
    Summary
    Cybozu Mailwise contains issue in preventing clickjacking attacks
    Details
    Cybozu Mailwise contains multiple pages for editing/sending bulk emails. Some of these pages fail to protect against clickjacking attacks. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000138.html",
      "dc:date": "2017-05-23T12:01+09:00",
      "dcterms:issued": "2016-08-16T14:14+09:00",
      "dcterms:modified": "2017-05-23T12:01+09:00",
      "description": "Cybozu Mailwise contains multiple pages for editing/sending bulk emails.  Some of these pages fail to protect against clickjacking attacks.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000138.html",
      "sec:cpe": {
        "#text": "cpe:/a:cybozu:mailwise",
        "@product": "Cybozu Mailwise",
        "@vendor": "Cybozu, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "2.6",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2016-000138",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN04125292/index.html",
          "@id": "JVN#04125292",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4844",
          "@id": "CVE-2016-4844",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4844",
          "@id": "CVE-2016-4844",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Cybozu Mailwise contains issue in preventing clickjacking attacks"
    }

    JVNDB-2016-000137

    Vulnerability from jvndb - Published: 2016-08-16 14:14 - Updated:2017-05-23 12:02
    Severity
    Summary
    Cybozu Mailwise vulnerable to information disclosure
    Details
    Cybozu Mailwise contains an information disclosure vulnerability in the page where CGI environment variables are displayed. Cookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained in the page where CGI environment variables are displayed. Therefore, session information may be disclosed if the contents of this page is read in some way. Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000137.html",
      "dc:date": "2017-05-23T12:02+09:00",
      "dcterms:issued": "2016-08-16T14:14+09:00",
      "dcterms:modified": "2017-05-23T12:02+09:00",
      "description": "Cybozu Mailwise contains an information disclosure vulnerability in the page where CGI environment variables are displayed.\r\nCookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code.  However, Cookie values can be obtained in the page where CGI environment variables are displayed.  Therefore, session information may be disclosed if the contents of this page is read in some way.\r\n\r\nMasato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000137.html",
      "sec:cpe": {
        "#text": "cpe:/a:cybozu:mailwise",
        "@product": "Cybozu Mailwise",
        "@vendor": "Cybozu, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "2.6",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "6.5",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2016-000137",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN03052683/index.html",
          "@id": "JVN#03052683",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4843",
          "@id": "CVE-2016-4843",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4843",
          "@id": "CVE-2016-4843",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-200",
          "@title": "Information Exposure(CWE-200)"
        }
      ],
      "title": "Cybozu Mailwise vulnerable to information disclosure"
    }

    JVNDB-2016-000136

    Vulnerability from jvndb - Published: 2016-08-16 14:14 - Updated:2017-05-23 12:02
    Severity
    Summary
    Cybozu Mailwise vulnerable to information disclosure
    Details
    Cybozu Mailwise contains an information disclosure vulnerability in the mail view page. Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000136.html",
      "dc:date": "2017-05-23T12:02+09:00",
      "dcterms:issued": "2016-08-16T14:14+09:00",
      "dcterms:modified": "2017-05-23T12:02+09:00",
      "description": "Cybozu Mailwise contains an information disclosure vulnerability in the mail view page.\r\n\r\nMasato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000136.html",
      "sec:cpe": {
        "#text": "cpe:/a:cybozu:mailwise",
        "@product": "Cybozu Mailwise",
        "@vendor": "Cybozu, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.7",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2016-000136",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN02576342/index.html",
          "@id": "JVN#02576342",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4842",
          "@id": "CVE-2016-4842",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4842",
          "@id": "CVE-2016-4842",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-200",
          "@title": "Information Exposure(CWE-200)"
        }
      ],
      "title": "Cybozu Mailwise vulnerable to information disclosure"
    }

    JVNDB-2016-000135

    Vulnerability from jvndb - Published: 2016-08-16 14:10 - Updated:2017-05-23 16:23
    Severity
    Summary
    Cybozu Mailwise vulnerable to mail header injection
    Details
    Cybozu Mailwise contains a mail header injection vulnerability in the process of sending emails. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000135.html",
      "dc:date": "2017-05-23T16:23+09:00",
      "dcterms:issued": "2016-08-16T14:10+09:00",
      "dcterms:modified": "2017-05-23T16:23+09:00",
      "description": "Cybozu Mailwise contains a mail header injection vulnerability in the process of sending emails.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000135.html",
      "sec:cpe": {
        "#text": "cpe:/a:cybozu:mailwise",
        "@product": "Cybozu Mailwise",
        "@vendor": "Cybozu, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "2.6",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2016-000135",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN01353821/index.html",
          "@id": "JVN#01353821",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4841",
          "@id": "CVE-2016-4841",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4841",
          "@id": "CVE-2016-4841",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-20",
          "@title": "Improper Input Validation(CWE-20)"
        }
      ],
      "title": "Cybozu Mailwise vulnerable to mail header injection"
    }

    JVNDB-2014-000130

    Vulnerability from jvndb - Published: 2014-11-11 13:36 - Updated:2014-11-25 17:52
    Severity
    N/A (UNKNOWN) - -
    Summary
    Multiple Cybozu products vulnerable to buffer overflow
    Details
    Multiple products provided by Cybozu, Inc. contain a buffer overflow vulnerability (CWE-119). Masaaki Chida of GREE, Inc. reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000130.html",
      "dc:date": "2014-11-25T17:52+09:00",
      "dcterms:issued": "2014-11-11T13:36+09:00",
      "dcterms:modified": "2014-11-25T17:52+09:00",
      "description": "Multiple products provided by Cybozu, Inc. contain a buffer overflow vulnerability (CWE-119).\r\n\r\nMasaaki Chida of GREE, Inc. reported this vulnerability to the developer.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000130.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:cybozu:dezie",
          "@product": "Cybozu Dezie",
          "@vendor": "Cybozu, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:cybozu:mailwise",
          "@product": "Cybozu Mailwise",
          "@vendor": "Cybozu, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:cybozu:office",
          "@product": "Cybozu Office",
          "@vendor": "Cybozu, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "9.0",
        "@severity": "High",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2014-000130",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN14691234/index.html",
          "@id": "JVN#14691234",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5314",
          "@id": "CVE-2014-5314",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5314",
          "@id": "CVE-2014-5314",
          "@source": "NVD"
        },
        {
          "#text": "http://www.ipa.go.jp/security/ciadr/vul/20141111-jvn.html",
          "@id": "Security Alert for Multiple Cybozu products vulnerable to buffer overflow (JVN#14691234)",
          "@source": "IPA SECURITY ALERTS"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-119",
          "@title": "Buffer Errors(CWE-119)"
        }
      ],
      "title": "Multiple Cybozu products vulnerable to buffer overflow"
    }

    JVNDB-2013-000077

    Vulnerability from jvndb - Published: 2013-08-13 12:22 - Updated:2013-08-20 11:37
    Severity
    N/A (UNKNOWN) - -
    Summary
    Cybozu Mailwise vulnerable to information disclosure
    Details
    Cybozu Mailwise contains a vulnerability that may display contents of another email in the subject field.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000077.html",
      "dc:date": "2013-08-20T11:37+09:00",
      "dcterms:issued": "2013-08-13T12:22+09:00",
      "dcterms:modified": "2013-08-20T11:37+09:00",
      "description": "Cybozu Mailwise contains a vulnerability that may display contents of another email in the subject field.",
      "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000077.html",
      "sec:cpe": {
        "#text": "cpe:/a:cybozu:mailwise",
        "@product": "Cybozu Mailwise",
        "@vendor": "Cybozu, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "3.5",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2013-000077",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN21103639/index.html",
          "@id": "JVN#21103639",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4698",
          "@id": "CVE-2013-4698",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4698",
          "@id": "CVE-2013-4698",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-noinfo",
          "@title": "No Mapping(CWE-noinfo)"
        }
      ],
      "title": "Cybozu Mailwise vulnerable to information disclosure"
    }

    JVNDB-2013-000034

    Vulnerability from jvndb - Published: 2013-04-15 17:08 - Updated:2013-06-25 18:36
    Severity
    N/A (UNKNOWN) - -
    Summary
    Multiple Cybozu products vulnerable to cross-site request forgery
    Details
    Multiple Cybozu products contain a cross-site request forgery vulnerability.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000034.html",
      "dc:date": "2013-06-25T18:36+09:00",
      "dcterms:issued": "2013-04-15T17:08+09:00",
      "dcterms:modified": "2013-06-25T18:36+09:00",
      "description": "Multiple Cybozu products contain a cross-site request forgery vulnerability.",
      "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000034.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:cybozu:dezie",
          "@product": "Cybozu Dezie",
          "@vendor": "Cybozu, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:cybozu:mailwise",
          "@product": "Cybozu Mailwise",
          "@vendor": "Cybozu, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:cybozu:office",
          "@product": "Cybozu Office",
          "@vendor": "Cybozu, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2013-000034",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN06251813/index.html",
          "@id": "JVN#06251813",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2305",
          "@id": "CVE-2013-2305",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2305",
          "@id": "CVE-2013-2305",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        }
      ],
      "title": "Multiple Cybozu products vulnerable to cross-site request forgery"
    }

    JVNDB-2011-000046

    Vulnerability from jvndb - Published: 2011-06-24 19:21 - Updated:2011-06-24 19:21
    Severity
    N/A (UNKNOWN) - -
    Summary
    Multiple Cybozu products vulnerable to cross-site scripting
    Details
    Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability. Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the mail system. Sen UENO of Tricorder Co. Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000046.html",
      "dc:date": "2011-06-24T19:21+09:00",
      "dcterms:issued": "2011-06-24T19:21+09:00",
      "dcterms:modified": "2011-06-24T19:21+09:00",
      "description": "Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability.\r\n\r\nMultiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the mail system.\r\n\r\nSen UENO of Tricorder Co. Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000046.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:cybozu:collaborex",
          "@product": "Cybozu Collaborex",
          "@vendor": "Cybozu, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:cybozu:dezie",
          "@product": "Cybozu Dezie",
          "@vendor": "Cybozu, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:cybozu:garoon",
          "@product": "Cybozu Garoon",
          "@vendor": "Cybozu, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:cybozu:mailwise",
          "@product": "Cybozu Mailwise",
          "@vendor": "Cybozu, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:cybozu:office",
          "@product": "Cybozu Office",
          "@vendor": "Cybozu, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2011-000046",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN54074460",
          "@id": "JVN#54074460",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1334",
          "@id": "CVE-2011-1334",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1334",
          "@id": "CVE-2011-1334",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Multiple Cybozu products vulnerable to cross-site scripting"
    }

    JVNDB-2009-000067

    Vulnerability from jvndb - Published: 2009-10-15 15:21 - Updated:2009-10-15 15:21
    Severity
    N/A (UNKNOWN) - -
    Summary
    Multiple Cybozu products vulnerable to cross-site scripting
    Details
    Multiple Cybozu products are vulnerable to cross-site scripting. Multiple products (groupware etc.) provided by Cybozu, Inc. contain a cross-site scripting vulnerablility. This vulnerability is different from JVN#50342989, and JVN#90712589. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000067.html",
      "dc:date": "2009-10-15T15:21+09:00",
      "dcterms:issued": "2009-10-15T15:21+09:00",
      "dcterms:modified": "2009-10-15T15:21+09:00",
      "description": "Multiple Cybozu products are vulnerable to cross-site scripting.\r\n\r\nMultiple products (groupware etc.) provided by Cybozu, Inc. contain a cross-site scripting vulnerablility.\r\n\r\nThis vulnerability is different from JVN#50342989, and JVN#90712589.\r\n\r\nTakeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000067.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:cybozu:dezie",
          "@product": "Cybozu Dezie",
          "@vendor": "Cybozu, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:cybozu:mailwise",
          "@product": "Cybozu Mailwise",
          "@vendor": "Cybozu, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:cybozu:office",
          "@product": "Cybozu Office",
          "@vendor": "Cybozu, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2009-000067",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN23108985/index.html",
          "@id": "JVN#23108985",
          "@source": "JVN"
        },
        {
          "#text": "http://secunia.com/advisories/37011/",
          "@id": "SA37011",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/36704",
          "@id": "36704",
          "@source": "BID"
        },
        {
          "#text": "http://www.vupen.com/english/advisories/2009/2918",
          "@id": "VUPEN/ADV-2009-2918",
          "@source": "VUPEN"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Multiple Cybozu products vulnerable to cross-site scripting"
    }

    JVNDB-2006-000651

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000651.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "Multiple Cybozu products contain a directory traversal vulnerability.",
      "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000651.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:cybozu:ag_pocket",
          "@product": "Cybozu AG Pocket",
          "@vendor": "Cybozu, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:cybozu:collaborex",
          "@product": "Cybozu Collaborex",
          "@vendor": "Cybozu, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:cybozu:cybozu_ag",
          "@product": "Cybozu AG",
          "@vendor": "Cybozu, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:cybozu:garoon",
          "@product": "Cybozu Garoon",
          "@vendor": "Cybozu, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:cybozu:mailwise",
          "@product": "Cybozu Mailwise",
          "@vendor": "Cybozu, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "4.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2006-000651",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN90420168/index.html",
          "@id": "JVN#90420168",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4491",
          "@id": "CVE-2006-4491",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4491",
          "@id": "CVE-2006-4491",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/21656",
          "@id": "SA21656",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://securitytracker.com/id?1016759",
          "@id": "1016759",
          "@source": "SECTRACK"
        },
        {
          "#text": "http://www.osvdb.org/28262",
          "@id": "28262",
          "@source": "OSVDB"
        }
      ],
      "title": "Cybozu products vulnerable to directory traversal"
    }

    CVE-2018-0702 (GCVE-0-2018-0702)

    Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
    VLAI
    Summary
    Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    References
    URL Tags
    https://kb.cybozu.support/article/34135/ x_refsource_MISC
    https://jvn.jp/en/jp/JVN83739174/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    Cybozu, Inc. Cybozu Mailwise Affected: 5.0.0 to 5.4.5
    Create a notification for this product.
    Date Public
    2019-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:48.997Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.cybozu.support/article/34135/"
              },
              {
                "name": "JVN#83739174",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN83739174/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cybozu Mailwise",
              "vendor": "Cybozu, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.0 to 5.4.5"
                }
              ]
            }
          ],
          "datePublic": "2019-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T21:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.cybozu.support/article/34135/"
            },
            {
              "name": "JVN#83739174",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN83739174/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0702",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cybozu Mailwise",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0.0 to 5.4.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cybozu, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.cybozu.support/article/34135/",
                  "refsource": "MISC",
                  "url": "https://kb.cybozu.support/article/34135/"
                },
                {
                  "name": "JVN#83739174",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN83739174/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0702",
        "datePublished": "2019-01-09T22:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:35:48.997Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0559 (GCVE-0-2018-0559)

    Vulnerability from nvd – Published: 2018-06-26 14:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN52319657/index.html third-party-advisoryx_refsource_JVN
    https://support.cybozu.com/ja-jp/article/10196 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Cybozu, Inc. Cybozu Mailwise Affected: 5.0.0 to 5.4.1
    Create a notification for this product.
    Date Public
    2018-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.207Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#52319657",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN52319657/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.cybozu.com/ja-jp/article/10196"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cybozu Mailwise",
              "vendor": "Cybozu, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.0 to 5.4.1"
                }
              ]
            }
          ],
          "datePublic": "2018-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML \u0027Address\u0027 via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-26T13:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#52319657",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN52319657/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.cybozu.com/ja-jp/article/10196"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0559",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cybozu Mailwise",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0.0 to 5.4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cybozu, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML \u0027Address\u0027 via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#52319657",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN52319657/index.html"
                },
                {
                  "name": "https://support.cybozu.com/ja-jp/article/10196",
                  "refsource": "CONFIRM",
                  "url": "https://support.cybozu.com/ja-jp/article/10196"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0559",
        "datePublished": "2018-06-26T14:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0558 (GCVE-0-2018-0558)

    Vulnerability from nvd – Published: 2018-06-26 14:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN52319657/index.html third-party-advisoryx_refsource_JVN
    https://support.cybozu.com/ja-jp/article/10193 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Cybozu, Inc. Cybozu Mailwise Affected: 5.0.0 to 5.4.1
    Create a notification for this product.
    Date Public
    2018-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.266Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#52319657",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN52319657/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.cybozu.com/ja-jp/article/10193"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cybozu Mailwise",
              "vendor": "Cybozu, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.0 to 5.4.1"
                }
              ]
            }
          ],
          "datePublic": "2018-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in \u0027System settings\u0027 via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-26T13:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#52319657",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN52319657/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.cybozu.com/ja-jp/article/10193"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0558",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cybozu Mailwise",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0.0 to 5.4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cybozu, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in \u0027System settings\u0027 via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#52319657",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN52319657/index.html"
                },
                {
                  "name": "https://support.cybozu.com/ja-jp/article/10193",
                  "refsource": "CONFIRM",
                  "url": "https://support.cybozu.com/ja-jp/article/10193"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0558",
        "datePublished": "2018-06-26T14:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.266Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0557 (GCVE-0-2018-0557)

    Vulnerability from nvd – Published: 2018-06-26 14:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN52319657/index.html third-party-advisoryx_refsource_JVN
    https://support.cybozu.com/ja-jp/article/10194 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Cybozu, Inc. Cybozu Mailwise Affected: 5.0.0 to 5.4.1
    Create a notification for this product.
    Date Public
    2018-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.218Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#52319657",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN52319657/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.cybozu.com/ja-jp/article/10194"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cybozu Mailwise",
              "vendor": "Cybozu, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.0 to 5.4.1"
                }
              ]
            }
          ],
          "datePublic": "2018-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML \u0027E-mail Details Screen\u0027 via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-26T13:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#52319657",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN52319657/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.cybozu.com/ja-jp/article/10194"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0557",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cybozu Mailwise",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0.0 to 5.4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cybozu, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML \u0027E-mail Details Screen\u0027 via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#52319657",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN52319657/index.html"
                },
                {
                  "name": "https://support.cybozu.com/ja-jp/article/10194",
                  "refsource": "CONFIRM",
                  "url": "https://support.cybozu.com/ja-jp/article/10194"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0557",
        "datePublished": "2018-06-26T14:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.218Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0702 (GCVE-0-2018-0702)

    Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
    VLAI
    Summary
    Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    References
    URL Tags
    https://kb.cybozu.support/article/34135/ x_refsource_MISC
    https://jvn.jp/en/jp/JVN83739174/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    Cybozu, Inc. Cybozu Mailwise Affected: 5.0.0 to 5.4.5
    Create a notification for this product.
    Date Public
    2019-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:48.997Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.cybozu.support/article/34135/"
              },
              {
                "name": "JVN#83739174",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN83739174/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cybozu Mailwise",
              "vendor": "Cybozu, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.0 to 5.4.5"
                }
              ]
            }
          ],
          "datePublic": "2019-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T21:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.cybozu.support/article/34135/"
            },
            {
              "name": "JVN#83739174",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN83739174/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0702",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cybozu Mailwise",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0.0 to 5.4.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cybozu, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.cybozu.support/article/34135/",
                  "refsource": "MISC",
                  "url": "https://kb.cybozu.support/article/34135/"
                },
                {
                  "name": "JVN#83739174",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN83739174/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0702",
        "datePublished": "2019-01-09T22:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:35:48.997Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0559 (GCVE-0-2018-0559)

    Vulnerability from cvelistv5 – Published: 2018-06-26 14:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN52319657/index.html third-party-advisoryx_refsource_JVN
    https://support.cybozu.com/ja-jp/article/10196 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Cybozu, Inc. Cybozu Mailwise Affected: 5.0.0 to 5.4.1
    Create a notification for this product.
    Date Public
    2018-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.207Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#52319657",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN52319657/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.cybozu.com/ja-jp/article/10196"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cybozu Mailwise",
              "vendor": "Cybozu, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.0 to 5.4.1"
                }
              ]
            }
          ],
          "datePublic": "2018-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML \u0027Address\u0027 via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-26T13:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#52319657",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN52319657/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.cybozu.com/ja-jp/article/10196"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0559",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cybozu Mailwise",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0.0 to 5.4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cybozu, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML \u0027Address\u0027 via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#52319657",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN52319657/index.html"
                },
                {
                  "name": "https://support.cybozu.com/ja-jp/article/10196",
                  "refsource": "CONFIRM",
                  "url": "https://support.cybozu.com/ja-jp/article/10196"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0559",
        "datePublished": "2018-06-26T14:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0558 (GCVE-0-2018-0558)

    Vulnerability from cvelistv5 – Published: 2018-06-26 14:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN52319657/index.html third-party-advisoryx_refsource_JVN
    https://support.cybozu.com/ja-jp/article/10193 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Cybozu, Inc. Cybozu Mailwise Affected: 5.0.0 to 5.4.1
    Create a notification for this product.
    Date Public
    2018-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.266Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#52319657",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN52319657/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.cybozu.com/ja-jp/article/10193"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cybozu Mailwise",
              "vendor": "Cybozu, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.0 to 5.4.1"
                }
              ]
            }
          ],
          "datePublic": "2018-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in \u0027System settings\u0027 via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-26T13:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#52319657",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN52319657/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.cybozu.com/ja-jp/article/10193"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0558",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cybozu Mailwise",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0.0 to 5.4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cybozu, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in \u0027System settings\u0027 via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#52319657",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN52319657/index.html"
                },
                {
                  "name": "https://support.cybozu.com/ja-jp/article/10193",
                  "refsource": "CONFIRM",
                  "url": "https://support.cybozu.com/ja-jp/article/10193"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0558",
        "datePublished": "2018-06-26T14:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.266Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0557 (GCVE-0-2018-0557)

    Vulnerability from cvelistv5 – Published: 2018-06-26 14:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN52319657/index.html third-party-advisoryx_refsource_JVN
    https://support.cybozu.com/ja-jp/article/10194 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Cybozu, Inc. Cybozu Mailwise Affected: 5.0.0 to 5.4.1
    Create a notification for this product.
    Date Public
    2018-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.218Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#52319657",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN52319657/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.cybozu.com/ja-jp/article/10194"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cybozu Mailwise",
              "vendor": "Cybozu, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.0 to 5.4.1"
                }
              ]
            }
          ],
          "datePublic": "2018-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML \u0027E-mail Details Screen\u0027 via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-26T13:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#52319657",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN52319657/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.cybozu.com/ja-jp/article/10194"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0557",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cybozu Mailwise",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0.0 to 5.4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cybozu, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML \u0027E-mail Details Screen\u0027 via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#52319657",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN52319657/index.html"
                },
                {
                  "name": "https://support.cybozu.com/ja-jp/article/10194",
                  "refsource": "CONFIRM",
                  "url": "https://support.cybozu.com/ja-jp/article/10194"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0557",
        "datePublished": "2018-06-26T14:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.218Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }