CVE-2024-39817

Aug. 6, 2024, 4:30 p.m.

Tags

vultures@jpcert.or.jp
2024-08-06
CVE-2024-39817

Product(s) Impacted

Cybozu Office

  • 10.0.0
  • 10.8.6

Description

Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App.

Weaknesses

Date

Published: Aug. 6, 2024, 5:15 a.m.

Last Modified: Aug. 6, 2024, 4:30 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

vultures@jpcert.or.jp

References

https://jvn.jp/en/jp/JVN29845579/
vultures@jpcert.or.jp
https://kb.cybozu.support/?product=office&v=&fv=10.8.7&t=%E8%84%86%E5%BC%B1%E6%80%A7&s=
vultures@jpcert.or.jp