CVE-2016-4873 - OpenCVE

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Cybozu	Office

Configuration 1 [-]

OR	cpe:2.3:a:cybozu:office:9.0:::::::*
	cpe:2.3:a:cybozu:office:9.1.0:::::::*
	cpe:2.3:a:cybozu:office:9.2.0:::::::*
	cpe:2.3:a:cybozu:office:9.2.1:::::::*
	cpe:2.3:a:cybozu:office:9.3.0:::::::*
	cpe:2.3:a:cybozu:office:9.3.1:::::::*
	cpe:2.3:a:cybozu:office:9.3.2:::::::*
	cpe:2.3:a:cybozu:office:9.9.0:::::::*
	cpe:2.3:a:cybozu:office:10.0.0:::::::*
	cpe:2.3:a:cybozu:office:10.0.1:::::::*
	cpe:2.3:a:cybozu:office:10.0.2:::::::*
	cpe:2.3:a:cybozu:office:10.1.0:::::::*
	cpe:2.3:a:cybozu:office:10.1.2:::::::*
	cpe:2.3:a:cybozu:office:10.2.0:::::::*
	cpe:2.3:a:cybozu:office:10.3.0:::::::*
	cpe:2.3:a:cybozu:office:10.4.0:::::::*

References

Link	Resource
http://jvn.jp/en/jp/JVN07148816/index.html	Third Party Advisory VDB Entry
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000189.html	VDB Entry
http://www.securityfocus.com/bid/93461	Third Party Advisory VDB Entry
https://support.cybozu.com/ja-jp/article/9442	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jpcert

Published: 2017-04-17T15:00:00

Updated: 2017-05-22T15:57:01

Reserved: 2016-05-17T00:00:00

Link: CVE-2016-4873

JSON object: View

NVD Information

Status : Modified

Published: 2017-04-17T15:59:00.463

Modified: 2017-05-23T01:29:02.367

Link: CVE-2016-4873

JSON object: View

Redhat Information

No data.

CWE

CWE-275

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-10-03T00:00:00", "descriptions": [{"lang": "en", "value": "Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-05-22T15:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.cybozu.com/ja-jp/article/9442"}, {"name": "93461", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93461"}, {"name": "JVN#07148816", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN07148816/index.html"}, {"name": "JVNDB-2016-000189", "tags": ["third-party-advisory", "x_refsource_JVNDB"], "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000189.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2016-4873", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://support.cybozu.com/ja-jp/article/9442", "refsource": "CONFIRM", "url": "https://support.cybozu.com/ja-jp/article/9442"}, {"name": "93461", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93461"}, {"name": "JVN#07148816", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN07148816/index.html"}, {"name": "JVNDB-2016-000189", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000189.html"}]}}}}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2016-4873", "datePublished": "2017-04-17T15:00:00", "dateReserved": "2016-05-17T00:00:00", "dateUpdated": "2017-05-22T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B029709C-5ED7-4F29-8DA9-AFF9D678429F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D9AE0F63-8DD1-4F61-B772-E4F64197A73F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "27E1F1BC-4FF8-4438-92C2-5094F18BAB27", "vulnerable": true}, {"criteria": "cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C71A2292-BEEF-4449-992C-B8535E0EF969", "vulnerable": true}, {"criteria": "cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E4B07F75-4F29-4241-9C5A-F723EAFCFC49", "vulnerable": true}, {"criteria": "cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7ADEDCD4-8794-42A3-961A-9CE562BF64CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "3CF1B981-0417-430F-9BB3-7292D297557E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "59BDE89C-C891-4517-877D-26B5E4D87E0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F02CF334-548D-4B9B-8732-A85D97E003C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A968E493-5C74-45FB-BA4E-C21D66613480", "vulnerable": true}, {"criteria": "cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "89D06E58-28D5-43E9-87CD-9534DF3CA6DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A86DD19B-9DD2-412D-B259-9D2677C9CC0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BF85C6A-952B-4327-98EF-BB72CA6AA5CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "664B383F-3C96-406C-B0B9-041F26F1F5A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cybozu:office:10.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BBA465B8-3852-4630-B16C-120F77DB1F8C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function."}, {"lang": "es", "value": "Cybozu Office versiones 9.0.0 hasta 10.4.0, permite a los atacantes autenticados remotos ejecutar operaciones no previstas por medio de la funci\u00f3n Project."}], "id": "CVE-2016-4873", "lastModified": "2017-05-23T01:29:02.367", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-17T15:59:00.463", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://jvn.jp/en/jp/JVN07148816/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["VDB Entry"], "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000189.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93461"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://support.cybozu.com/ja-jp/article/9442"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-275"}], "source": "nvd@nist.gov", "type": "Primary"}]}