PT-2021-14086 · Cybozu · Cybozu Office

Yuji Tounai

Published

2021-03-18

Updated

2022-07-12

CVE-2021-20625

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Cybozu Office versions 10.0.0 through 10.8.4

Description: The issue is related to improper access control in the Bulletin Board component, allowing an authenticated attacker to bypass access restrictions and alter data via unspecified vectors.

Recommendations: For versions 10.0.0 through 10.8.4, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Bulletin Board component to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-20625

Affected Products

Cybozu Office

PT-2021-14086 · Cybozu · Cybozu Office

CVE-2021-20625

Related Identifiers

Affected Products

References · 7