CVE-2024-39817

Summary

Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App.

Affected Software

VendorProductVersion RangeStatus
Cybozu, Inc.Cybozu Office10.0.0 to 10.8.6affected

Weaknesses

  • Insertion of Sensitive Information Into Sent Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References