Описание
Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:cybozu:cybozu_office:7:-:ktai:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:cybozu:cybozu_dotsales:*:*:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.00351
Низкий
5.8 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone.
EPSS
Процентиль: 57%
0.00351
Низкий
5.8 Medium
CVSS2
Дефекты
CWE-264