CVE-2010-2029

Published: May 24, 2010Modified: Apr 29, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone.

Affected (2)

Products: Cybozu: Cybozu Office, Cybozu Dotsales

Cybozu

2 products

Cybozu Office

Cybozu Dotsales

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cybozu Cybozu Office	Version 7

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Cybozu Cybozu Dotsales	All versions

Related CWEs

CWE-264

References (14)

http://cybozu.co.jp/products/dl/notice/detail/0034.html

Source: cve@mitre.org

http://jvn.jp/en/jp/JVN87730223/index.html

Source: cve@mitre.org

http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html

Source: cve@mitre.org

http://secunia.com/advisories/39508

Source: cve@mitre.org

Vendor Advisory

http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html

Source: cve@mitre.org

http://www.osvdb.org/63933

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/57976

Source: cve@mitre.org

http://cybozu.co.jp/products/dl/notice/detail/0034.html