CVE-2010-2029
Summary
| CVE | CVE-2010-2029 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-05-24 19:30:01 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
NoneAV:N/AC:M/Au:N/C:P/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cybozu | Cybozu Dotsales | All | All | All | All |
| Application | Cybozu | Cybozu Office | 7 | - | ktai | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html | af854a3a-2127-422b-91ae-364da2661108 | jvndb.jvn.jp | |
| Cybozu Products Login Security Bypass Vulnerability - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| www.osvdb.org/63933 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| お探しのページが見つかりませんでした。 | サイボウズ株式会社 | af854a3a-2127-422b-91ae-364da2661108 | cybozu.co.jp | |
| JVN#87730223 Multiple Cybozu products vulnerable to authentication bypass | af854a3a-2127-422b-91ae-364da2661108 | jvn.jp | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| IPA Information-technology Promotion Agency, Japan : IPA/ISEC:Vulnerabilities:Security Alert for Vulnerability in Multiple Cybozu Products | af854a3a-2127-422b-91ae-364da2661108 | www.ipa.go.jp | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.