Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Remote Service by Cybozu, Inc.

    JVNDB-2023-000109

    Vulnerability from jvndb - Published: 2023-10-31 13:43 - Updated:2024-05-07 15:51
    Severity
    Summary
    Cybozu Remote Service vulnerable to uncontrolled resource consumption
    Details
    Cybozu Remote Service provided by Cybozu, Inc. is vulnerable to uncontrolled resource consumption (CWE-400). Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000109.html",
      "dc:date": "2024-05-07T15:51+09:00",
      "dcterms:issued": "2023-10-31T13:43+09:00",
      "dcterms:modified": "2024-05-07T15:51+09:00",
      "description": "Cybozu Remote Service provided by Cybozu, Inc. is vulnerable to uncontrolled resource consumption (CWE-400).\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000109.html",
      "sec:cpe": {
        "#text": "cpe:/a:cybozu:cybozu_remote_service",
        "@product": "Remote Service",
        "@vendor": "Cybozu, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "@version": "2.0"
        },
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000109",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN94132951/index.html",
          "@id": "JVN#94132951",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-46278",
          "@id": "CVE-2023-46278",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-46278",
          "@id": "CVE-2023-46278",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Cybozu Remote Service vulnerable to uncontrolled resource consumption"
    }

    JVNDB-2022-000095

    Vulnerability from jvndb - Published: 2022-11-25 14:15 - Updated:2024-06-03 16:08
    Severity
    Summary
    Cybozu Remote Service vulnerable to Uncontrolled Resource Consumption
    Details
    Cybozu Remote Service provided by Cybozu, Inc. is vulnerable to uncontrolled resource consumption (CWE-400). Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000095.html",
      "dc:date": "2024-06-03T16:08+09:00",
      "dcterms:issued": "2022-11-25T14:15+09:00",
      "dcterms:modified": "2024-06-03T16:08+09:00",
      "description": "Cybozu Remote Service provided by Cybozu, Inc. is vulnerable to uncontrolled resource consumption (CWE-400).\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000095.html",
      "sec:cpe": {
        "#text": "cpe:/a:cybozu:cybozu_remote_service",
        "@product": "Remote Service",
        "@vendor": "Cybozu, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "@version": "2.0"
        },
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2022-000095",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN87895771/index.html",
          "@id": "JVN#87895771",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-44608",
          "@id": "CVE-2022-44608",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-44608",
          "@id": "CVE-2022-44608",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Cybozu Remote Service vulnerable to Uncontrolled Resource Consumption"
    }

    JVNDB-2021-000088

    Vulnerability from jvndb - Published: 2021-09-30 16:03 - Updated:2024-04-08 18:09
    Severity
    Summary
    Multiple vulnerabilities in Cybozu Remote Service
    Details
    Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. * [CyVDB-525] Cross-site request forgery vulnerability in the management screen (CWE-352) - CVE-2021-20795 * [CyVDB-1742] Path traversal vulnerability in the management screen (CWE-22) - CVE-2021-20796 * [CyVDB-1806] Cross-site script inclusion vulnerability in the management screen (CWE-829) - CVE-2021-20797 * [CyVDB-1808] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20798 * [CyVDB-1809] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20799 * [CyVDB-1810] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20800 * [CyVDB-1811] XML external entity injection (XXE) vulnerability (CWE-611) - CVE-2021-20801 * [CyVDB-1814] HTTP header injection vulnerability (CWE-113) - CVE-2021-20802 * [CyVDB-1820] Operation restriction bypass in the management screen (CWE-264) - CVE-2021-20803 * [CyVDB-1830] Denial-of-service (DoS) vulnerability (CWE-400) - CVE-2021-20804 * [CyVDB-1862] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20805 * [CyVDB-1968] Open redirect vulnerability (CWE-601) - CVE-2021-20806 * [CyVDB-2028] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20807 * [CyVDB-877] Path traversal vulnerability in Importing Mobile Device Data (CWE-22) - CVE-2022-26838 CVE-2021-20795 Masaaki Chida reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solution through JVN. CVE-2021-20796, CVE-2021-20807 Toshitsugu Yoneyama(Mitsui Bussan Secure Directions, Inc.) reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN. CVE-2021-20805 Yuji Tounai reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solution through JVN. CVE-2021-20806 Kanta Nishitani of Ierae Security Inc. reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solution through JVN. CVE-2021-20797, CVE-2021-20798, CVE-2021-20799, CVE-2021-20800, CVE-2021-20801, CVE-2021-20802, CVE-2021-20803, CVE-2021-20804, CVE-2022-26838 Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.
    References
    JVN https://jvn.jp/en/jp/JVN52694228/index.html
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20795
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20796
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20797
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20798
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20799
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20800
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20801
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20802
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20803
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20804
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20805
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20806
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20807
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26838
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20795
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20796
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20797
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20798
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20799
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20800
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20801
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20802
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20803
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20804
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20805
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20806
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20807
    NVD https://nvd.nist.gov/vuln/detail/CVE-2022-26838
    Path Traversal(CWE-22) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Permissions(CWE-264) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Cross-Site Request Forgery(CWE-352) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Uncontrolled Resource Consumption ('Resource Exhaustion')(CWE-400) https://cwe.mitre.org/data/definitions/400.html
    Cross-site Scripting(CWE-79) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    No Mapping(CWE-Other) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000088.html",
      "dc:date": "2024-04-08T18:09+09:00",
      "dcterms:issued": "2021-09-30T16:03+09:00",
      "dcterms:modified": "2024-04-08T18:09+09:00",
      "description": "Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. \r\n\r\n* [CyVDB-525] Cross-site request forgery vulnerability in the management screen (CWE-352) - CVE-2021-20795\r\n* [CyVDB-1742] Path traversal vulnerability in the management screen (CWE-22) - CVE-2021-20796\r\n* [CyVDB-1806] Cross-site script inclusion vulnerability in the management screen (CWE-829) - CVE-2021-20797\r\n* [CyVDB-1808] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20798\r\n* [CyVDB-1809] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20799\r\n* [CyVDB-1810] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20800\r\n* [CyVDB-1811] XML external entity injection (XXE) vulnerability (CWE-611) - CVE-2021-20801\r\n* [CyVDB-1814] HTTP header injection vulnerability (CWE-113) - CVE-2021-20802\r\n* [CyVDB-1820] Operation restriction bypass in the management screen (CWE-264) - CVE-2021-20803\r\n* [CyVDB-1830] Denial-of-service (DoS) vulnerability (CWE-400) - CVE-2021-20804\r\n* [CyVDB-1862] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20805\r\n* [CyVDB-1968] Open redirect vulnerability (CWE-601) - CVE-2021-20806\r\n* [CyVDB-2028] Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2021-20807\r\n* [CyVDB-877] Path traversal vulnerability in Importing Mobile Device Data (CWE-22) - CVE-2022-26838\r\n\r\nCVE-2021-20795\r\n Masaaki Chida reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solution through JVN.\r\n\r\n CVE-2021-20796, CVE-2021-20807\r\n Toshitsugu Yoneyama(Mitsui Bussan Secure Directions, Inc.) reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\n CVE-2021-20805\r\n Yuji Tounai reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solution through JVN.\r\n\r\n CVE-2021-20806\r\n Kanta Nishitani of Ierae Security Inc. reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solution through JVN.\r\n\r\n CVE-2021-20797, CVE-2021-20798, CVE-2021-20799, CVE-2021-20800, CVE-2021-20801, CVE-2021-20802, CVE-2021-20803, CVE-2021-20804, CVE-2022-26838\r\n Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000088.html",
      "sec:cpe": {
        "#text": "cpe:/a:cybozu:cybozu_remote_service",
        "@product": "Remote Service",
        "@vendor": "Cybozu, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
          "@version": "2.0"
        },
        {
          "@score": "5.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2021-000088",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN52694228/index.html",
          "@id": "JVN#52694228",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20795",
          "@id": "CVE-2021-20795",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20796",
          "@id": "CVE-2021-20796",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20797",
          "@id": "CVE-2021-20797",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20798",
          "@id": "CVE-2021-20798",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20799",
          "@id": "CVE-2021-20799",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20800",
          "@id": "CVE-2021-20800",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20801",
          "@id": "CVE-2021-20801",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20802",
          "@id": "CVE-2021-20802",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20803",
          "@id": "CVE-2021-20803",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20804",
          "@id": "CVE-2021-20804",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20805",
          "@id": "CVE-2021-20805",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20806",
          "@id": "CVE-2021-20806",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20807",
          "@id": "CVE-2021-20807",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26838",
          "@id": "CVE-2022-26838",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20795",
          "@id": "CVE-2021-20795",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20796",
          "@id": "CVE-2021-20796",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20797",
          "@id": "CVE-2021-20797",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20798",
          "@id": "CVE-2021-20798",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20799",
          "@id": "CVE-2021-20799",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20800",
          "@id": "CVE-2021-20800",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20801",
          "@id": "CVE-2021-20801",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20802",
          "@id": "CVE-2021-20802",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20803",
          "@id": "CVE-2021-20803",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20804",
          "@id": "CVE-2021-20804",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20805",
          "@id": "CVE-2021-20805",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20806",
          "@id": "CVE-2021-20806",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20807",
          "@id": "CVE-2021-20807",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-26838",
          "@id": "CVE-2022-26838",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/400.html",
          "@id": "CWE-400",
          "@title": "Uncontrolled Resource Consumption (\u0027Resource Exhaustion\u0027)(CWE-400)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in Cybozu Remote Service"
    }

    JVNDB-2018-000126

    Vulnerability from jvndb - Published: 2018-12-10 14:26 - Updated:2019-08-27 11:48
    Severity
    Summary
    Multiple vulnerabilities in Cybozu Remote Service
    Details
    Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. * Upload of arbitrary files in logo setting screen (CWE-434) - CVE-2018-16169 * Directory traversal in used device management screen (CWE-22) - CVE-2018-16170 * Directory traversal in client certificates registration function (CWE-22) - CVE-2018-16171 * Improper countermeasure against clickjacking attack in client certificates management screen (CWE-451) - CVE-2018-16172 Cybozu, Inc. reported CVE-2018-16169 vulnerability to JPCERT/CC to notify users of the solution through JVN. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported CVE-2018-16170 and CVE-2018-16171 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN. Kanta Nishitani reported CVE-2018-16172 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000126.html",
      "dc:date": "2019-08-27T11:48+09:00",
      "dcterms:issued": "2018-12-10T14:26+09:00",
      "dcterms:modified": "2019-08-27T11:48+09:00",
      "description": "Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n* Upload of arbitrary files in logo setting screen (CWE-434) - CVE-2018-16169\r\n* Directory traversal in used device management screen (CWE-22) - CVE-2018-16170\r\n* Directory traversal in client certificates registration function (CWE-22) - CVE-2018-16171\r\n* Improper countermeasure against clickjacking attack in client certificates management screen (CWE-451) - CVE-2018-16172\r\n\r\nCybozu, Inc. reported CVE-2018-16169 vulnerability to JPCERT/CC to notify users of the solution through JVN.\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported CVE-2018-16170 and CVE-2018-16171 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\nKanta Nishitani reported CVE-2018-16172 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000126.html",
      "sec:cpe": {
        "#text": "cpe:/a:cybozu:cybozu_remote_service",
        "@product": "Remote Service",
        "@vendor": "Cybozu, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.5",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "8.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2018-000126",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN23161885/index.html",
          "@id": "JVN#23161885",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16169",
          "@id": "CVE-2018-16169",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16170",
          "@id": "CVE-2018-16170",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16171",
          "@id": "CVE-2018-16171",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16172",
          "@id": "CVE-2018-16172",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16169",
          "@id": "CVE-2018-16169",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16170",
          "@id": "CVE-2018-16170",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16171",
          "@id": "CVE-2018-16171",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16172",
          "@id": "CVE-2018-16172",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-94",
          "@title": "Code Injection(CWE-94)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in Cybozu Remote Service"
    }