Improper Access Control in Custom App of Cybozu Office by Cybozu
CVE-2021-20634

4.3MEDIUM

Key Information:

Vendor: Cybozu
Status: Cybozu Office
Vendor: CVE Published:; 18 March 2021

What is CVE-2021-20634?

An access control vulnerability exists in the Custom App of Cybozu Office versions 10.0.0 to 10.8.4. This flaw allows authenticated attackers to bypass the intended access restrictions, potentially exposing sensitive data within the Custom App. Attackers might exploit this vulnerability through various unspecified vectors, highlighting the importance of ensuring that access controls are properly configured to mitigate unauthorized data exposure.

Affected Version(s)

Cybozu Office 10.0.0 to 10.8.4

References

https://jvn.jp/en/jp/JVN45797538/index.html

x_refsource_MISC

https://kb.cybozu.support/article/36865/

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 18, 2021
Vulnerability Reserved
Dec 17, 2020

CVE-2021-20634 Data

JSON