VIR Vulnerability Intelligence Relay

CVE-2014-7266

high
Published 2015-02-01 · Modified 2026-05-06
CVSS v3
CVSS v2
7.8
VIR risk
7.8

Description

Algorithmic complexity vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x through 3.1.2 allows remote attackers to cause a denial of service (CPU consumption) via vectors that trigger colliding hash-table keys. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1983.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: vultures@jpcert.or.jp — https://cs.cybozu.co.jp/2015/001245.html

vendor Authored 2026-05-27

Vendor advisory: vultures@jpcert.or.jp — http://jvndb.jvn.jp/jvndb/JVNDB-2015-000001

vendor Authored 2026-05-27

Vendor advisory: vultures@jpcert.or.jp — http://jvn.jp/en/jp/JVN13566542/index.html

Application impact
VendorProductVersionsFixed
cybozuremote_service_manager2.3.0
cybozuremote_service_manager3.1.0
cybozuremote_service_manager3.1.1
cybozuremote_service_manager3.1.2

References

CWEs

CWE-399

Verify integrity in audit chain (admin only). AS-IS.