CVE-2024-39817

Description

Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

Cybozu, Inc. / Cybozu Office10.0.0 to 10.8.6 – 10.0.0 to 10.8.6

References

MISChttps://jvn.jp/en/jp/JVN29845579/
MISChttps://kb.cybozu.support/?product=office&v=&fv=10.8.7&t=%E8%84%86%E5%BC%B1%E6%80%A7&s=