Vulnerabilities > Cybozu > Remote Service Manager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-03 | CVE-2022-26838 | Path Traversal vulnerability in Cybozu Remote Service Manager 3.1.2 Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition. | 6.5 |
| 2021-10-13 | CVE-2021-20795 | Cross-Site Request Forgery (CSRF) vulnerability in Cybozu Remote Service Manager 3.1.8/3.1.9 Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to hijack the authentication of administrators and unintended operations may be performed via unspecified vectors. | 6.8 |
| 2021-10-13 | CVE-2021-20796 | Path Traversal vulnerability in Cybozu Remote Service Manager 3.1.8 Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to upload an arbitrary file via unspecified vectors. | 4.0 |
| 2021-10-13 | CVE-2021-20801 | XXE vulnerability in Cybozu Remote Service Manager 3.1.8/3.1.9 Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors. | 4.0 |
| 2021-10-13 | CVE-2021-20802 | Injection vulnerability in Cybozu Remote Service Manager 3.1.8/3.1.9 HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product. | 5.0 |
| 2021-10-13 | CVE-2021-20803 | Incorrect Authorization vulnerability in Cybozu Remote Service Manager 3.1.8/3.1.9 Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to alter the data of the management screen. | 4.0 |
| 2021-10-13 | CVE-2021-20804 | Unspecified vulnerability in Cybozu Remote Service Manager 3.1.8/3.1.9 Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to cause a denial of service (DoS) condition via unspecified vectors. | 4.0 |
| 2021-10-13 | CVE-2021-20806 | Open Redirect vulnerability in Cybozu Remote Service Manager Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 |
| 2021-10-13 | CVE-2021-20807 | Cross-site Scripting vulnerability in Cybozu Remote Service Manager Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote attacker to inject an arbitrary script via unspecified vectors. | 4.3 |
| 2019-01-09 | CVE-2018-16172 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Cybozu Remote Service Manager Improper countermeasure against clickjacking attack in client certificates management screen was discovered in Cybozu Remote Service 3.0.0 to 3.1.8, that allows remote attackers to trick a user to delete the registered client certificate. | 5.8 |