Refine your search
5 vulnerabilities found for Remote Service Manager by Cybozu, Inc.
CVE-2016-7815 (GCVE-0-2016-7815)
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-06 02:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to verify client certificates
Summary
Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Remote Service Manager |
Version: 3.0.0 to 3.1.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95379",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95379"
},
{
"name": "JVN#19241292",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN19241292/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9689"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Remote Service Manager",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 3.1.4"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to verify client certificates",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "95379",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95379"
},
{
"name": "JVN#19241292",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN19241292/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.cybozu.com/ja-jp/article/9689"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Remote Service Manager",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 3.1.4"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify client certificates"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95379",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95379"
},
{
"name": "JVN#19241292",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN19241292/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9689",
"refsource": "MISC",
"url": "https://support.cybozu.com/ja-jp/article/9689"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7815",
"datePublished": "2017-04-28T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2017-000007
Vulnerability from jvndb
Published
2017-01-11 13:46
Modified
2017-06-06 15:52
Severity ?
Summary
Cybozu Remote Service Manager fails to verify client certificates
Details
Remote Service Manager provided by Cybozu, Inc. is a software to access internal systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager fails to verify client certificates.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000007.html",
"dc:date": "2017-06-06T15:52+09:00",
"dcterms:issued": "2017-01-11T13:46+09:00",
"dcterms:modified": "2017-06-06T15:52+09:00",
"description": "Remote Service Manager provided by Cybozu, Inc. is a software to access internal systems such as Cybozu products via \"Cybozu Remote Service\". Remote Service Manager fails to verify client certificates.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000007.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:remote_service_manager",
"@product": "Remote Service Manager",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.9",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.2",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000007",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN19241292/index.html",
"@id": "JVN#19241292",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7815",
"@id": "CVE-2016-7815",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7815",
"@id": "CVE-2016-7815",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Cybozu Remote Service Manager fails to verify client certificates"
}
jvndb-2015-000001
Vulnerability from jvndb
Published
2015-01-30 14:19
Modified
2015-01-30 14:19
Summary
Cybozu Remote Service Manager vulnerable to denial-of-service (DoS)
Details
Remote Service Manager contains a denial-of-service (DoS) vulnerability.
Remote Service Manager provided by Cybozu, Inc. is a software to access internal systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager contains a denial-of-service (DoS) vulnerability.
Note that this vulnerability was caused due to an incomplete fix of JVN#10319260.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000001.html",
"dc:date": "2015-01-30T14:19+09:00",
"dcterms:issued": "2015-01-30T14:19+09:00",
"dcterms:modified": "2015-01-30T14:19+09:00",
"description": "Remote Service Manager contains a denial-of-service (DoS) vulnerability.\r\n\r\nRemote Service Manager provided by Cybozu, Inc. is a software to access internal systems such as Cybozu products via \"Cybozu Remote Service\". Remote Service Manager contains a denial-of-service (DoS) vulnerability.\r\n\r\nNote that this vulnerability was caused due to an incomplete fix of JVN#10319260.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.\r\nJPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000001.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:remote_service_manager",
"@product": "Remote Service Manager",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.1",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000001",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN13566542/index.html",
"@id": "JVN#13566542",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/jp/JVN10319260/index.html",
"@id": "JVN#10319260",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7266",
"@id": "CVE-2014-7266",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2014-7266",
"@id": "CVE-2014-7266",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Cybozu Remote Service Manager vulnerable to denial-of-service (DoS)"
}
jvndb-2014-000039
Vulnerability from jvndb
Published
2014-04-18 13:40
Modified
2014-04-28 18:13
Summary
Cybozu Remote Service Manager vulnerable to denial-of-service (DoS)
Details
Remote Service Manager provided by Cybozu,Inc. is a software to access on-premise systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager contains a denial-of-service (DoS) vulnerability.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000039.html",
"dc:date": "2014-04-28T18:13+09:00",
"dcterms:issued": "2014-04-18T13:40+09:00",
"dcterms:modified": "2014-04-28T18:13+09:00",
"description": "Remote Service Manager provided by Cybozu,Inc. is a software to access on-premise systems such as Cybozu products via \"Cybozu Remote Service\". Remote Service Manager contains a denial-of-service (DoS) vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000039.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:remote_service_manager",
"@product": "Remote Service Manager",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.1",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000039",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN10319260/index.html",
"@id": "JVN#10319260",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1983",
"@id": "CVE-2014-1983",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1983",
"@id": "CVE-2014-1983",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Cybozu Remote Service Manager vulnerable to denial-of-service (DoS)"
}
jvndb-2014-000040
Vulnerability from jvndb
Published
2014-04-18 13:35
Modified
2014-04-28 18:14
Summary
Cybozu Remote Service Manager vulnerable to session fixation
Details
Remote Service Manager provided by Cybozu,Inc. is a software to access on-premise systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager contains a session fixation vulnerability.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000040.html",
"dc:date": "2014-04-28T18:14+09:00",
"dcterms:issued": "2014-04-18T13:35+09:00",
"dcterms:modified": "2014-04-28T18:14+09:00",
"description": "Remote Service Manager provided by Cybozu,Inc. is a software to access on-premise systems such as Cybozu products via \"Cybozu Remote Service\". Remote Service Manager contains a session fixation vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000040.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:remote_service_manager",
"@product": "Remote Service Manager",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000040",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN00058727/index.html",
"@id": "JVN#00058727",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1984",
"@id": "CVE-2014-1984",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1984",
"@id": "CVE-2014-1984",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Remote Service Manager vulnerable to session fixation"
}