CVE-2021-20801

Name of the Vulnerable Software and Affected Versions: Cybozu Remote Service versions 3.1.8 through 3.1.9

Description: The issue allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks. This can lead to obtaining the information stored in the product. The attack is possible via unspecified vectors, but it only occurs when using Mozilla Firefox.

Recommendations: For Cybozu Remote Service versions 3.1.8 through 3.1.9, consider disabling the use of Mozilla Firefox until a patch is available. As a temporary workaround, restrict access to sensitive information stored in the product to minimize the risk of exploitation.