mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
258 lines
8.4 KiB
JSON
258 lines
8.4 KiB
JSON
{
|
|
"id": "CVE-2011-1334",
|
|
"sourceIdentifier": "vultures@jpcert.or.jp",
|
|
"published": "2011-06-29T17:55:02.877",
|
|
"lastModified": "2011-06-30T04:00:00.000",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"downloading graphic files from the mail system.\""
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Cybozu Office v6, Cybozu Garoon v2.0.0 hasta v2.1.3, Cybozu Dezie antes de v6.1, Cybozu MailWise antes de v3.1, y Cybozu Collaborex antes de v1.5 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores relacionados con \"la descarga de archivos gr\u00e1ficos desde el sistema de correo\"."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.3
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-79"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:office:6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "840B6B7E-3894-42FE-9703-9F58E3E1C343"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1556F99E-1609-44FF-83F0-F43FBDE738A4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "348C389E-ADFD-4D2C-AA54-220664EA2755"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "48F3F19B-25A7-4E9E-9961-1F7C8DBC0327"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "08AE0E10-87A4-4862-A873-A943F44A9862"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C88D773E-B6DE-4FD2-A911-0D13C6CA902C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C846A750-F26E-4F1F-85A3-F95BCC9F8A3E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2E139B6A-2F36-4EB5-BA1F-84D67C89E935"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6F585001-37C9-42F5-8B13-56827E6AC785"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "47FD3F43-9ECA-4815-8BDC-B9DAC07E9400"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1F5F2D43-8B67-4D84-94AF-262F6D66F2B9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "277403E7-3CD9-458C-9669-FB983FF94568"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:dezie:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "6.0",
|
|
"matchCriteriaId": "A008D879-B6CC-4B4E-AC09-2EE95C766C97"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:dezie:1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2AF84B9B-33F4-4AC2-BD73-75F534C2C44F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:dezie:2.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "215F885A-9E88-4A1A-9DC2-D3F0C49D5EEE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:dezie:3.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "485DBA87-EC8A-42B7-A733-75DCC80D582F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:dezie:4.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8402C259-A94C-4565-8966-A7EBC6309D78"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:dezie:5.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B8FB82E3-EA14-4A4A-949A-FCB0FDF53933"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:dezie:5.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7E63153C-484C-408A-B147-BB25D93F3B19"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:mailwise:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "3.0",
|
|
"matchCriteriaId": "2B063F64-8A73-4D16-B6CB-FC832CAA91F2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:mailwise:1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "51929894-F74C-4F8D-A12F-73CBA4FED396"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:mailwise:2.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EE25F18D-2317-4646-A00A-D627E3BF3868"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:mailwise:2.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6A28D9F5-6A27-42B5-8640-8560D68D930E"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:collaborex:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "1.1",
|
|
"matchCriteriaId": "E1271BA9-9FD3-444C-B36F-68B4C0AA3189"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cybozu:collaborex:1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A910D1FE-CBF2-4AF5-B322-A1B87E53D75F"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://cybozu.co.jp/products/dl/notice/detail/0019.html",
|
|
"source": "vultures@jpcert.or.jp",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://jvn.jp/en/jp/JVN54074460/index.html",
|
|
"source": "vultures@jpcert.or.jp"
|
|
},
|
|
{
|
|
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046",
|
|
"source": "vultures@jpcert.or.jp"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/48446",
|
|
"source": "vultures@jpcert.or.jp"
|
|
}
|
|
]
|
|
} |