Data Injection Vulnerability in Cybozu Office (CVE-2023-23456)
CVE-2024-39817

6.5MEDIUM

Key Information:

Vendor: Cybozu
Status: Cybozu Office
Vendor: CVE Published:; 6 August 2024

What is CVE-2024-39817?

Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App.

Affected Version(s)

Cybozu Office 10.0.0 to 10.8.6

References

https://jvn.jp/en/jp/JVN29845579/

https://kb.cybozu.support/?product=office&v=&fv=10.8.7&t=...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2024
Vulnerability Reserved
Jul 26, 2024

CVE-2024-39817 Data

JSON