CVE-2015-8488
Description
Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Cybozu Office 10.3.0 contains an information disclosure vulnerability in its mail function [1][2]. When a specially crafted e-mail message is opened, the application improperly processes embedded image requests, allowing an attacker to read image files [1]. The vulnerability is distinct from CVE-2015-8487 [1]. Affected versions: Cybozu Office 10.3.0 [1][2].
Exploitation
An attacker can exploit this vulnerability by sending a specially crafted e-mail message to an authenticated user of Cybozu Office [1][2]. The attack requires no privileges but does require user interaction — the recipient must open the crafted email [3]. The attack vector is network-based with low complexity [2].
Impact
When a specially crafted mail is opened, image files accessible by authenticated users may be obtained by a third party [1][2]. The confidentiality impact is low; there is no integrity or availability impact [2]. The CVSS v3 base score is 4.3 (Medium) [2].
Mitigation
Users should update to Cybozu Office version 10.4.0 or later, which contains the fix [3]. For Cybozu Office on cybozu.com, the fix was applied in the October 2015 maintenance update [3]. Customers with a valid service license can upgrade for free [3].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (0)
No patches discovered yet.
References (3)
- jvn.jp/en/jp/JVN28042424/index.html (nvd, Vendor Advisory)
- jvndb.jvn.jp/jvndb/JVNDB-2016-000021 (nvd, Vendor Advisory)
- cs.cybozu.co.jp/2015/006075.html (nvd, Vendor Advisory)