Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-4698

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-16 Aug, 2013 | 01:00
Updated At-17 Sep, 2024 | 02:42
Rejected At-
Credits

Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users to obtain sensitive e-mail content intended for different persons in opportunistic circumstances by reading Subject header lines within the user's own mailbox.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:16 Aug, 2013 | 01:00
Updated At:17 Sep, 2024 | 02:42
Rejected At:
▼CVE Numbering Authority (CNA)

Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users to obtain sensitive e-mail content intended for different persons in opportunistic circumstances by reading Subject header lines within the user's own mailbox.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000077
third-party-advisory
x_refsource_JVNDB
http://cs.cybozu.co.jp/information/20130812up02.php
x_refsource_CONFIRM
http://jvn.jp/en/jp/JVN21103639/374951/index.html
x_refsource_CONFIRM
http://jvn.jp/en/jp/JVN21103639/index.html
third-party-advisory
x_refsource_JVN
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2013-000077
Resource:
third-party-advisory
x_refsource_JVNDB
Hyperlink: http://cs.cybozu.co.jp/information/20130812up02.php
Resource:
x_refsource_CONFIRM
Hyperlink: http://jvn.jp/en/jp/JVN21103639/374951/index.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://jvn.jp/en/jp/JVN21103639/index.html
Resource:
third-party-advisory
x_refsource_JVN
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000077
third-party-advisory
x_refsource_JVNDB
x_transferred
http://cs.cybozu.co.jp/information/20130812up02.php
x_refsource_CONFIRM
x_transferred
http://jvn.jp/en/jp/JVN21103639/374951/index.html
x_refsource_CONFIRM
x_transferred
http://jvn.jp/en/jp/JVN21103639/index.html
third-party-advisory
x_refsource_JVN
x_transferred
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2013-000077
Resource:
third-party-advisory
x_refsource_JVNDB
x_transferred
Hyperlink: http://cs.cybozu.co.jp/information/20130812up02.php
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://jvn.jp/en/jp/JVN21103639/374951/index.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://jvn.jp/en/jp/JVN21103639/index.html
Resource:
third-party-advisory
x_refsource_JVN
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:16 Aug, 2013 | 01:55
Updated At:29 Apr, 2026 | 01:13

Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users to obtain sensitive e-mail content intended for different persons in opportunistic circumstances by reading Subject header lines within the user's own mailbox.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.03.5LOW
AV:N/AC:M/Au:S/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 3.5
Base severity: LOW
Vector:
AV:N/AC:M/Au:S/C:P/I:N/A:N
CPE Matches

Cybozu, Inc.
cybozu
>>mailwise>>5.0.4
cpe:2.3:a:cybozu:mailwise:5.0.4:*:*:*:*:*:*:*
Cybozu, Inc.
cybozu
>>mailwise>>5.0.5
cpe:2.3:a:cybozu:mailwise:5.0.5:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://cs.cybozu.co.jp/information/20130812up02.phpvultures@jpcert.or.jp
Vendor Advisory
http://jvn.jp/en/jp/JVN21103639/374951/index.htmlvultures@jpcert.or.jp
N/A
http://jvn.jp/en/jp/JVN21103639/index.htmlvultures@jpcert.or.jp
N/A
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000077vultures@jpcert.or.jp
N/A
http://cs.cybozu.co.jp/information/20130812up02.phpaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://jvn.jp/en/jp/JVN21103639/374951/index.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://jvn.jp/en/jp/JVN21103639/index.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000077af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://cs.cybozu.co.jp/information/20130812up02.php
Source: vultures@jpcert.or.jp
Resource:
Vendor Advisory
Hyperlink: http://jvn.jp/en/jp/JVN21103639/374951/index.html
Source: vultures@jpcert.or.jp
Resource: N/A
Hyperlink: http://jvn.jp/en/jp/JVN21103639/index.html
Source: vultures@jpcert.or.jp
Resource: N/A
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2013-000077
Source: vultures@jpcert.or.jp
Resource: N/A
Hyperlink: http://cs.cybozu.co.jp/information/20130812up02.php
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://jvn.jp/en/jp/JVN21103639/374951/index.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://jvn.jp/en/jp/JVN21103639/index.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2013-000077
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

149Records found

CVE-2024-39817
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.42% / 33.53%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 04:54
Updated-18 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App.

Action-Not Available
Vendor-Cybozu, Inc.
Product-officeCybozu Office
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-4012
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-1.19% / 64.20%
||
7 Day CHG~0.00%
Published-08 Sep, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-kunain/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-4013
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-1.19% / 64.20%
||
7 Day CHG~0.00%
Published-14 Sep, 2012 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebView class in the Cybozu KUNAI Browser for Remote Service application beta for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-kunai_browser_for_remote_servicen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-30693
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-5.3||MEDIUM
EPSS-0.76% / 50.73%
||
7 Day CHG~0.00%
Published-18 Aug, 2022 | 07:12
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors.

Action-Not Available
Vendor-Cybozu, Inc.
Product-officeCybozu Office
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-29467
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.77% / 51.25%
||
7 Day CHG+0.08%
Published-04 Jul, 2022 | 06:56
Updated-03 Aug, 2024 | 06:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.

Action-Not Available
Vendor-Cybozu, Inc.
Product-garoonCybozu Garoon
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-2093
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-1.47% / 70.54%
||
7 Day CHG~0.00%
Published-28 Apr, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.

Action-Not Available
Vendor-Cybozu, Inc.
Product-garoonCybozu Garoon
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-29512
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.86% / 54.03%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 00:40
Updated-03 Aug, 2024 | 06:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.

Action-Not Available
Vendor-Cybozu, Inc.
Product-garoonCybozu Garoon
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-0528
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.87% / 54.34%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.

Action-Not Available
Vendor-Cybozu, Inc.
Product-officeCybozu Office
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CVE-2018-0526
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-1.03% / 59.53%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-officen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-2109
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-2.5||LOW
EPSS-1.05% / 60.17%
||
7 Day CHG~0.00%
Published-28 Apr, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application.

Action-Not Available
Vendor-Cybozu, Inc.
Product-kunaiCybozu KUNAI for Android
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-7832
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-5.3||MEDIUM
EPSS-1.71% / 74.49%
||
7 Day CHG~0.00%
Published-09 Jun, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.

Action-Not Available
Vendor-Cybozu, Inc.
Product-dezieCybozu Dezie
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4844
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-1.48% / 70.79%
||
7 Day CHG~0.00%
Published-20 Apr, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-mailwisen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4842
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-1.59% / 72.62%
||
7 Day CHG~0.00%
Published-20 Apr, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-mailwisen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4869
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-2.02% / 78.62%
||
7 Day CHG~0.00%
Published-17 Apr, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-officen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4867
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-1.37% / 68.48%
||
7 Day CHG~0.00%
Published-17 Apr, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-officen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4872
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-1.37% / 68.48%
||
7 Day CHG~0.00%
Published-17 Apr, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-officen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4843
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-1.89% / 77.07%
||
7 Day CHG~0.00%
Published-20 Apr, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-mailwisen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1193
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-1.55% / 72.10%
||
7 Day CHG~0.00%
Published-25 Jun, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-garoonn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1196
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-1.04% / 59.76%
||
7 Day CHG~0.00%
Published-19 Jun, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-garoonn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1185
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-2.5||LOW
EPSS-0.74% / 50.23%
||
7 Day CHG~0.00%
Published-25 Apr, 2016 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-kintonen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1187
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-6.8||MEDIUM
EPSS-1.19% / 64.27%
||
7 Day CHG~0.00%
Published-21 Apr, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-kunain/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1192
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-1.46% / 70.28%
||
7 Day CHG~0.00%
Published-19 Jun, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-garoonn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2015-8487
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-1.15% / 63.12%
||
7 Day CHG~0.00%
Published-17 Feb, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-officen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-8488
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-1.17% / 63.48%
||
7 Day CHG~0.00%
Published-17 Feb, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-officen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-7776
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-1.30% / 66.90%
||
7 Day CHG~0.00%
Published-19 Jun, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-garoonn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3647
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-6.8||MEDIUM
EPSS-1.08% / 61.17%
||
7 Day CHG~0.00%
Published-18 Jun, 2013 | 18:45
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because of a CVE-2012-4009 regression.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-cybozu_liven/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-5573
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-4.6||MEDIUM
EPSS-0.34% / 25.47%
||
7 Day CHG~0.00%
Published-29 May, 2020 | 08:40
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors.

Action-Not Available
Vendor-Cybozu, Inc.
Product-kintoneAndroid App 'kintone mobile for Android'
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-5572
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-4.6||MEDIUM
EPSS-0.34% / 25.47%
||
7 Day CHG~0.00%
Published-29 May, 2020 | 08:40
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors.

Action-Not Available
Vendor-Cybozu, Inc.
Product-mailwiseAndroid App 'Mailwise for Android'
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-0894
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.5||LOW
EPSS-4.01% / 89.31%
||
7 Day CHG~0.00%
Published-07 Jul, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and DbPass fields in an XML document.

Action-Not Available
Vendor-n/aIBM Corporation
Product-algo_credit_limitsalgorithmicsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-0134
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.5||LOW
EPSS-1.49% / 70.93%
||
7 Day CHG~0.00%
Published-08 May, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image.

Action-Not Available
Vendor-n/aOpenStack
Product-computen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-6330
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.5||LOW
EPSS-1.46% / 70.32%
||
7 Day CHG~0.00%
Published-16 Jan, 2014 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-6741
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.5||LOW
EPSS-0.95% / 56.96%
||
7 Day CHG~0.00%
Published-26 May, 2014 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error.

Action-Not Available
Vendor-n/aIBM Corporation
Product-maximo_service_desktivoli_it_asset_management_for_ittivoli_service_request_managermaximo_asset_managementchange_and_configuration_management_databasetivoli_asset_management_for_itsmartcloud_control_deskn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-6892
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.96% / 57.08%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit.

Action-Not Available
Vendor-websvnn/aDebian GNU/Linux
Product-debian_linuxwebsvnn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-5452
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.5||LOW
EPSS-1.04% / 59.70%
||
7 Day CHG~0.00%
Published-19 Dec, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM FileNet Business Process Framework 4.1.0 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Action-Not Available
Vendor-n/aIBM Corporation
Product-filenet_business_process_frameworkn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-5453
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.5||LOW
EPSS-0.85% / 53.74%
||
7 Day CHG~0.00%
Published-13 Nov, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security AppScan Enterprise 5.6 through 8.7.0.1 allows remote authenticated users to read arbitrary report files by leveraging knowledge of filenames that cannot be easily predicted.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_appscann/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-6237
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-1.69% / 74.22%
||
7 Day CHG~0.00%
Published-10 Dec, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 and earlier allows remote authenticated users to obtain sensitive information by pasting the clipboard contents that have been copied by another user in the session.

Action-Not Available
Vendor-islonlinen/a
Product-isl_lightisl_desktop_pluginn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4628
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.62% / 45.44%
||
7 Day CHG~0.00%
Published-20 Jun, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information from the high-priority security zone by leveraging access to the low-priority security zone.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-quidway_service_process_unit_board_s7700quidway_service_process_unit_board_s9300quidway_service_process_unit_board_s9700n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-2998
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.5||LOW
EPSS-0.95% / 56.96%
||
7 Day CHG~0.00%
Published-26 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code.

Action-Not Available
Vendor-n/aIBM Corporation
Product-maximo_asset_managementsmartcloud_control_deskn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-2322
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-3.5||LOW
EPSS-1.01% / 58.79%
||
7 Day CHG~0.00%
Published-28 Jun, 2013 | 14:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP SQL/MX 3.2 and earlier on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to obtain sensitive information via unspecified vectors, aka the "SQL/MP index" issue.

Action-Not Available
Vendor-n/aHP Inc.
Product-nonstop_sql\/mxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-3552
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.96% / 57.07%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Room Image/Picture Setup). Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_opera_5_property_servicesHospitality OPERA 5 Property Services
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-1840
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.5||LOW
EPSS-1.36% / 68.27%
||
7 Day CHG~0.00%
Published-22 Mar, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.

Action-Not Available
Vendor-amazonn/aOpenStack
Product-glancefolsomessexswifts3_storen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-0944
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-3.5||LOW
EPSS-0.86% / 54.09%
||
7 Day CHG~0.00%
Published-03 May, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-avamarn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-3529
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.5||LOW
EPSS-0.84% / 53.35%
||
7 Day CHG~0.00%
Published-05 Sep, 2012 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors.

Action-Not Available
Vendor-n/aTYPO3 Association
Product-typo3n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-2165
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.5||LOW
EPSS-0.99% / 58.13%
||
7 Day CHG~0.00%
Published-17 Aug, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query.

Action-Not Available
Vendor-n/aIBM Corporation
Product-rational_clearquestn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1503
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.5||LOW
EPSS-1.40% / 69.12%
||
7 Day CHG~0.00%
Published-07 May, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncLiferay Inc.
Product-liferay_portallinux_kernelwindows_7n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-3781
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-1.33% / 67.57%
||
7 Day CHG~0.00%
Published-07 Mar, 2019 | 19:00
Updated-16 Sep, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CF CLI does not sanitize user's password in verbose/trace/debug

Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a users password.

Action-Not Available
Vendor-Cloud Foundry
Product-command_line_interfaceCF CLI
CWE ID-CWE-215
Insertion of Sensitive Information Into Debugging Code
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-24398
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.5||MEDIUM
EPSS-0.77% / 51.15%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 13:35
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted.

Action-Not Available
Vendor-SAP SE
Product-business_objects_business_intelligence_platformSAP Business Objects Business Intelligence Platform
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2009-3782
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-1.04% / 59.71%
||
7 Day CHG~0.00%
Published-26 Oct, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors.

Action-Not Available
Vendor-2bitsn/aThe Drupal Association
Product-drupaluserpointsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-1330
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-1.13% / 62.48%
||
7 Day CHG~0.00%
Published-18 Mar, 2008 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker.

Action-Not Available
Vendor-n/aNovell
Product-groupwisen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-6190
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-1.04% / 59.71%
||
7 Day CHG~0.00%
Published-30 Nov, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_ip_phonen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found