PT-2021-14095 · Cybozu · Cybozu Office

Published

2021-03-18

Updated

2021-03-23

CVE-2021-20634

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Cybozu Office versions 10.0.0 through 10.8.4

Description: The issue is related to improper access control in the Custom App of Cybozu Office, allowing authenticated attackers to bypass access restrictions and obtain the date of the Custom App. The attack vector is unspecified.

Recommendations: For Cybozu Office versions 10.0.0 through 10.8.4, consider restricting access to the Custom App until a patch is available to prevent authenticated attackers from bypassing access restrictions. As a temporary workaround, limit the functionality of the Custom App to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-20634

Affected Products

Cybozu Office

PT-2021-14095 · Cybozu · Cybozu Office

CVE-2021-20634

Related Identifiers

Affected Products

References · 7