VYPR
← All advisories
High severity7.4NVD Advisory· Published Feb 17, 2016· Updated May 6, 2026

CVE-2015-8483

CVE-2015-8483

Description

Open redirect in Cybozu Office 10.2.0–10.3.0 allows remote attackers to redirect users to arbitrary sites via crafted URL, enabling phishing.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Open redirect in Cybozu Office 10.2.0–10.3.0 allows remote attackers to redirect users to arbitrary sites via crafted URL, enabling phishing.

Vulnerability

Cybozu Office versions 10.2.0 through 10.3.0 contain an open redirect vulnerability in network functions [1][2]. An attacker can craft a URL that, when visited by a user, redirects them to an arbitrary external website. This issue affects Cybozu Office on-premises and cloud versions within the specified range [3].

Exploitation

To exploit this vulnerability, an attacker must trick a user into clicking a specially crafted URL, such as via email or a malicious link on another site. No authentication is required, and the attack is network-based with low complexity [2]. User interaction is required (the user must click the link).

Impact

Successful exploitation allows the attacker to redirect the victim to an arbitrary website, which can be used for phishing attacks to steal credentials or other sensitive information [1]. The integrity impact is low, with no direct confidentiality or availability impact [2].

Mitigation

The vulnerability is fixed in Cybozu Office 10.4.0 and later [3]. Users should update to version 10.4.0 or newer. For cloud users on cybozu.com, the fix was applied during maintenance in October 2015 [3]. No workaround is provided for older versions, so upgrading is essential.

References
  1. Cybozu Office vulnerable to open redirect
  2. JVNDB-2016-000025 - JVN iPedia
  3. 特定の機能でオープンリダイレクトの脆弱性【CyVDB-785】(2015/12/14) | サイボウズからのお知らせ

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

16
  • Cybozu/Office16 versions
    cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*+ 15 more
    • cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*
    • (no CPE)range: >=10.2.0, <=10.3.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.