Vulnerabilities > Cybozu > Remote Service Manager > 3.1.9

DATE CVE VULNERABILITY TITLE RISK
2021-10-13 CVE-2021-20795 Cross-Site Request Forgery (CSRF) vulnerability in Cybozu Remote Service Manager 3.1.8/3.1.9
Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to hijack the authentication of administrators and unintended operations may be performed via unspecified vectors.
network
low complexity
cybozu CWE-352
8.8
8.8
2021-10-13 CVE-2021-20798 Cross-site Scripting vulnerability in Cybozu Remote Service Manager 3.1.8/3.1.9
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
network
low complexity
cybozu CWE-79
5.4
5.4
2021-10-13 CVE-2021-20799 Cross-site Scripting vulnerability in Cybozu Remote Service Manager 3.1.8/3.1.9
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
network
low complexity
cybozu CWE-79
5.4
5.4
2021-10-13 CVE-2021-20801 XXE vulnerability in Cybozu Remote Service Manager 3.1.8/3.1.9
Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors.
network
low complexity
cybozu CWE-611
6.5
6.5
2021-10-13 CVE-2021-20802 Injection vulnerability in Cybozu Remote Service Manager 3.1.8/3.1.9
HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product.
network
low complexity
cybozu CWE-74
5.3
5.3
2021-10-13 CVE-2021-20803 Incorrect Authorization vulnerability in Cybozu Remote Service Manager 3.1.8/3.1.9
Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to alter the data of the management screen.
network
low complexity
cybozu CWE-863
5.4
5.4
2021-10-13 CVE-2021-20804 Unspecified vulnerability in Cybozu Remote Service Manager 3.1.8/3.1.9
Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to cause a denial of service (DoS) condition via unspecified vectors.
network
low complexity
cybozu
6.5
6.5
2021-10-13 CVE-2021-20805 Cross-site Scripting vulnerability in Cybozu Remote Service Manager 3.1.7/3.1.8/3.1.9
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
network
low complexity
cybozu CWE-79
5.4
5.4
2021-10-13 CVE-2021-20806 Open Redirect vulnerability in Cybozu Remote Service Manager
Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
low complexity
cybozu CWE-601
6.1
6.1
2021-10-13 CVE-2021-20807 Cross-site Scripting vulnerability in Cybozu Remote Service Manager
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote attacker to inject an arbitrary script via unspecified vectors.
network
low complexity
cybozu CWE-79
6.1
6.1