{"api_version":"1","generated_at":"2026-07-08T15:34:39+00:00","cve":"CVE-2010-2029","urls":{"html":"https://cve.report/CVE-2010-2029","api":"https://cve.report/api/cve/CVE-2010-2029.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2010-2029","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2010-2029"},"summary":{"title":"CVE-2010-2029","description":"Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone.","state":"PUBLISHED","assigner":"mitre","published_at":"2010-05-24 19:30:01","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-264","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5.8","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html","name":"http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/39508","name":"http://secunia.com/advisories/39508","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Cybozu Products Login Security Bypass Vulnerability - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/63933","name":"http://www.osvdb.org/63933","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://cybozu.co.jp/products/dl/notice/detail/0034.html","name":"http://cybozu.co.jp/products/dl/notice/detail/0034.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"お探しのページが見つかりませんでした。 | サイボウズ株式会社","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://jvn.jp/en/jp/JVN87730223/index.html","name":"http://jvn.jp/en/jp/JVN87730223/index.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"JVN#87730223 Multiple Cybozu products vulnerable to authentication bypass","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/57976","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/57976","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html","name":"http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IPA Information-technology Promotion Agency, Japan : IPA/ISEC：Vulnerabilities：Security Alert for Vulnerability in Multiple Cybozu Products","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2010-2029","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-2029","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2010","cve_id":"2029","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cybozu","cpe5":"cybozu_dotsales","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"2029","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cybozu","cpe5":"cybozu_office","cpe6":"7","cpe7":"-","cpe8":"ktai","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T02:17:14.381Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"39508","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/39508"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://cybozu.co.jp/products/dl/notice/detail/0034.html"},{"name":"JVNDB-2010-000016","tags":["third-party-advisory","x_refsource_JVNDB","x_transferred"],"url":"http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html"},{"name":"63933","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/63933"},{"name":"cybozu-office-dotsales-sec-bypass(57976)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/57976"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html"},{"name":"JVN#87730223","tags":["third-party-advisory","x_refsource_JVN","x_transferred"],"url":"http://jvn.jp/en/jp/JVN87730223/index.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2010-04-19T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-16T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"39508","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/39508"},{"tags":["x_refsource_CONFIRM"],"url":"http://cybozu.co.jp/products/dl/notice/detail/0034.html"},{"name":"JVNDB-2010-000016","tags":["third-party-advisory","x_refsource_JVNDB"],"url":"http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html"},{"name":"63933","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/63933"},{"name":"cybozu-office-dotsales-sec-bypass(57976)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/57976"},{"tags":["x_refsource_MISC"],"url":"http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html"},{"name":"JVN#87730223","tags":["third-party-advisory","x_refsource_JVN"],"url":"http://jvn.jp/en/jp/JVN87730223/index.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2010-2029","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"39508","refsource":"SECUNIA","url":"http://secunia.com/advisories/39508"},{"name":"http://cybozu.co.jp/products/dl/notice/detail/0034.html","refsource":"CONFIRM","url":"http://cybozu.co.jp/products/dl/notice/detail/0034.html"},{"name":"JVNDB-2010-000016","refsource":"JVNDB","url":"http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html"},{"name":"63933","refsource":"OSVDB","url":"http://www.osvdb.org/63933"},{"name":"cybozu-office-dotsales-sec-bypass(57976)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/57976"},{"name":"http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html","refsource":"MISC","url":"http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html"},{"name":"JVN#87730223","refsource":"JVN","url":"http://jvn.jp/en/jp/JVN87730223/index.html"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2010-2029","datePublished":"2010-05-24T19:00:00.000Z","dateReserved":"2010-05-24T00:00:00.000Z","dateUpdated":"2024-08-07T02:17:14.381Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2010-05-24 19:30:01","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-264","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cybozu:cybozu_office:7:-:ktai:*:*:*:*:*","matchCriteriaId":"941E9A1B-1510-4AE1-9E56-5EF33EC9104A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cybozu:cybozu_dotsales:*:*:*:*:*:*:*:*","matchCriteriaId":"313EE48E-33E5-4363-9394-762887056DCA"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2010","CveId":"2029","Ordinal":"1","Title":"CVE-2010-2029","CVE":"CVE-2010-2029","Year":"2010"},"notes":[{"CveYear":"2010","CveId":"2029","Ordinal":"1","NoteData":"Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone.","Type":"Description","Title":"CVE-2010-2029"},{"CveYear":"2010","CveId":"2029","Ordinal":"2","NoteData":"2010-05-24","Type":"Other","Title":"Published"},{"CveYear":"2010","CveId":"2029","Ordinal":"3","NoteData":"2017-08-16","Type":"Other","Title":"Modified"}]}}}