CVE-2010-2029
Summary
| CVE | CVE-2010-2029 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-05-24 19:30:00 UTC |
| Updated | 2017-08-17 01:32:00 UTC |
| Description | Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cybozu | Cybozu Dotsales | All | All | All | All |
| Application | Cybozu | Cybozu Dotsales | All | All | All | All |
| Application | Cybozu | Cybozu Office | 7 | - | ktai | All |
| Application | Cybozu | Cybozu Office | 7 | - | ktai | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| JVN#87730223 Multiple Cybozu products vulnerable to authentication bypass | JVN | jvn.jp | |
| Cybozu Products Login Security Bypass Vulnerability - Advisories - Community | SECUNIA | secunia.com | Vendor Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| IPA Information-technology Promotion Agency, Japan : IPA/ISEC:Vulnerabilities:Security Alert for Vulnerability in Multiple Cybozu Products | MISC | www.ipa.go.jp | |
| JVNDB-2010-000016 | JVNDB | jvndb.jvn.jp | |
| 63933 | OSVDB | www.osvdb.org | |
| お探しのページが見つかりませんでした。 | サイボウズ株式会社 | CONFIRM | cybozu.co.jp | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.