Cybozu Remote Service Manager

Do you want an email whenever new security vulnerabilities are reported in Cybozu Remote Service Manager?

By the Year

In 2023 there have been 1 vulnerability in Cybozu Remote Service Manager with an average score of 6.5 out of ten. Remote Service Manager did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2023 as compared to last year.

Year Vulnerabilities Average Score
2023 1 6.50
2022 0 0.00
2021 13 6.02
2020 0 0.00
2019 2 7.65
2018 0 0.00

It may take a day or so for new Remote Service Manager vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Cybozu Remote Service Manager Security Vulnerabilities

Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2

CVE-2022-26838 6.5 - Medium - August 03, 2023

Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition.

Directory traversal

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9

CVE-2021-20807 6.1 - Medium - October 13, 2021

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote attacker to inject an arbitrary script via unspecified vectors.

XSS

Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9

CVE-2021-20806 6.1 - Medium - October 13, 2021

Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Open Redirect

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9

CVE-2021-20805 5.4 - Medium - October 13, 2021

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Cybozu Remote Service 3.1.8 to 3.1.9

CVE-2021-20804 6.5 - Medium - October 13, 2021

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to cause a denial of service (DoS) condition via unspecified vectors.

Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9

CVE-2021-20803 5.4 - Medium - October 13, 2021

Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to alter the data of the management screen.

AuthZ

HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9

CVE-2021-20802 5.3 - Medium - October 13, 2021

HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product.

Injection

Cybozu Remote Service 3.1.8 to 3.1.9

CVE-2021-20801 6.5 - Medium - October 13, 2021

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors. This issue occurs only when using Mozilla Firefox.

XXE

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8

CVE-2021-20800 5.4 - Medium - October 13, 2021

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9

CVE-2021-20799 5.4 - Medium - October 13, 2021

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9

CVE-2021-20798 5.4 - Medium - October 13, 2021

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8

CVE-2021-20797 5.4 - Medium - October 13, 2021

Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox.

XSS

Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8

CVE-2021-20796 6.5 - Medium - October 13, 2021

Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to upload an arbitrary file via unspecified vectors.

Directory traversal

Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9

CVE-2021-20795 8.8 - High - October 13, 2021

Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to hijack the authentication of administrators and unintended operations may be performed via unspecified vectors.

Session Riding

Cybozu Remote Service 3.0.0 to 3.1.0

CVE-2018-16169 8.8 - High - January 09, 2019

Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated attackers to upload and execute Java code file on the server via unspecified vectors.

Unrestricted File Upload

Improper countermeasure against clickjacking attack in client certificates management screen was discovered in Cybozu Remote Service 3.0.0 to 3.1.8

CVE-2018-16172 6.5 - Medium - January 09, 2019

Improper countermeasure against clickjacking attack in client certificates management screen was discovered in Cybozu Remote Service 3.0.0 to 3.1.8, that allows remote attackers to trick a user to delete the registered client certificate.

Clickjacking

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Cybozu Remote Service Manager or by Cybozu? Click the Watch button to subscribe.

 

Cybozu
Vendor

subscribe