Multiple Cybozu Products Unauthorized Access Vulnerability

Bugtraq ID:	39579
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 15 2010 12:00AM
Updated:	Apr 15 2010 12:00AM
Credit:	Cybozu
Vulnerable:	Cybozu Office 7 Cybozu dot Sales 0
Not Vulnerable:

Multiple Cybozu Products Unauthorized Access Vulnerability

Multiple Cybozu products are prone to an unauthorized-access vulnerability because they fail to adequately restrict access to sensitive information.

An attacker can exploit this vulnerability to gain unauthorized access to resources; other attacks may be possible.

Multiple Cybozu Products Unauthorized Access Vulnerability

Attackers may launch attacks through a browser or other client utilities.

Multiple Cybozu Products Unauthorized Access Vulnerability

Solution:
Updates are available. Please see the references for more information.

Multiple Cybozu Products Unauthorized Access Vulnerability

References:

• Cybozu Home Page (Cybozu)
  
• Easy Login feature - Vulnerability CY10-04-001 (Cybozu)
  
• JVN # 87730223 access control vulnerability in multiple products Cybozu (JPCERT)