Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL.
https://exchange.xforce.ibmcloud.com/vulnerabilities/85894
http://products.cybozu.co.jp/office/ver9/download/update/fix910.html