88 vulnerabilities found for Cybozu Garoon by Cybozu, Inc.

jvndb-2024-000072
Vulnerability from jvndb
Published
2024-07-16 16:14
Modified
2024-07-16 16:14
Summary
Cybozu Garoon vulnerable to cross-site scripting
Details
Cybozu Garoon provided by Cybozu, Inc. contains a cross-site scripting vulnerability in PDF preview (CWE-79). Masato Kinugawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000072.html",
  "dc:date": "2024-07-16T16:14+09:00",
  "dcterms:issued": "2024-07-16T16:14+09:00",
  "dcterms:modified": "2024-07-16T16:14+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains a cross-site scripting vulnerability in PDF preview (CWE-79).\r\n\r\nMasato Kinugawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000072.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "7.4",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-000072",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN74825766/index.html",
      "@id": "JVN#74825766",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-39457",
      "@id": "CVE-2024-39457",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Cybozu Garoon vulnerable to cross-site scripting"
}

jvndb-2024-000047
Vulnerability from jvndb
Published
2024-05-13 15:19
Modified
2024-05-13 15:19
Summary
Multiple vulnerabilities in Cybozu Garoon
Details
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.

* [CyVDB-3167] Improper handling of data in Mail (CWE-231) - CVE-2024-31397
* [CyVDB-3221] Improper restriction on the output of some API (CWE-201) - CVE-2024-31398
* [CyVDB-3238] Excessive resource consumption in Mail (CWE-1050) - CVE-2024-31399
* [CyVDB-3439] Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2024-31401
* [CyVDB-3441] Improper restriction on some operation in Shared To-Dos (CWE-863) - CVE-2024-31402
* [CyVDB-3402] Information disclosure in Mail (CWE-201) - CVE-2024-31400
* [CyVDB-3151] Improper restriction on browsing and operation in Memo (CWE-863) - CVE-2024-31403
* [CyVDB-3471] Browse restriction bypass in Scheduler (CWE-201) - CVE-2024-31404

CVE-2024-31401
@bttthuan reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.

CVE-2024-31403
Yuji Tounai reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.

CVE-2024-31397, CVE-2024-31398, CVE-2024-31399, CVE-2024-31400, CVE-2024-31402, CVE-2024-31404
Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000047.html",
  "dc:date": "2024-05-13T15:19+09:00",
  "dcterms:issued": "2024-05-13T15:19+09:00",
  "dcterms:modified": "2024-05-13T15:19+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n\r\n* [CyVDB-3167] Improper handling of data in Mail (CWE-231) - CVE-2024-31397\r\n* [CyVDB-3221] Improper restriction on the output of some API (CWE-201) - CVE-2024-31398\r\n* [CyVDB-3238] Excessive resource consumption in Mail (CWE-1050) - CVE-2024-31399\r\n* [CyVDB-3439] Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2024-31401\r\n* [CyVDB-3441] Improper restriction on some operation in Shared To-Dos (CWE-863) - CVE-2024-31402\r\n* [CyVDB-3402] Information disclosure in Mail (CWE-201) - CVE-2024-31400\r\n* [CyVDB-3151] Improper restriction on browsing and operation in Memo (CWE-863) - CVE-2024-31403\r\n* [CyVDB-3471] Browse restriction bypass in Scheduler (CWE-201) - CVE-2024-31404\r\n\r\nCVE-2024-31401\r\n@bttthuan reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nCVE-2024-31403\r\nYuji Tounai reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nCVE-2024-31397, CVE-2024-31398, CVE-2024-31399, CVE-2024-31400, CVE-2024-31402, CVE-2024-31404\r\nCybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000047.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "6.9",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-000047",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN28869536/index.html",
      "@id": "JVN#28869536",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31397",
      "@id": "CVE-2024-31397",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31398",
      "@id": "CVE-2024-31398",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31399",
      "@id": "CVE-2024-31399",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31400",
      "@id": "CVE-2024-31400",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31401",
      "@id": "CVE-2024-31401",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31402",
      "@id": "CVE-2024-31402",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31403",
      "@id": "CVE-2024-31403",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31404",
      "@id": "CVE-2024-31404",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in Cybozu Garoon"
}

jvndb-2023-000049
Vulnerability from jvndb
Published
2023-05-15 14:29
Modified
2024-05-24 15:26
Summary
Multiple vulnerabilities in Cybozu Garoon
Details
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.

* [CyVDB-3122] Denial-of-service (DoS) in Message (CWE-400) - CVE-2023-26595
* [CyVDB-3142] Operation restriction bypass vulnerability in Message and Bulletin (CWE-285) - CVE-2023-27304
* [CyVDB-3165] Operation restriction bypass vulnerability in MultiReport (CWE-284) - CVE-2023-27384

CVE-2023-27384
Yuji Tounai reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.

CVE-2023-26595, CVE-2023-27304
Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000049.html",
  "dc:date": "2024-05-24T15:26+09:00",
  "dcterms:issued": "2023-05-15T14:29+09:00",
  "dcterms:modified": "2024-05-24T15:26+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n\r\n  * [CyVDB-3122] Denial-of-service (DoS) in Message (CWE-400) - CVE-2023-26595\r\n  * [CyVDB-3142] Operation restriction bypass vulnerability in Message and Bulletin (CWE-285) - CVE-2023-27304\r\n  * [CyVDB-3165] Operation restriction bypass vulnerability in MultiReport (CWE-284) - CVE-2023-27384\r\n\r\nCVE-2023-27384\r\nYuji Tounai reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nCVE-2023-26595, CVE-2023-27304\r\nCybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000049.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
      "@version": "2.0"
    },
    {
      "@score": "5.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2023-000049",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN41694426/index.html",
      "@id": "JVN#41694426",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-26595",
      "@id": "CVE-2023-26595",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-27304",
      "@id": "CVE-2023-27304",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-27384",
      "@id": "CVE-2023-27384",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-26595",
      "@id": "CVE-2023-26595",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27304",
      "@id": "CVE-2023-27304",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27384",
      "@id": "CVE-2023-27384",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in Cybozu Garoon"
}

jvndb-2022-000051
Vulnerability from jvndb
Published
2022-07-04 14:17
Modified
2024-06-17 16:49
Summary
Multiple vulnerabilities in Cybozu Garoon
Details
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.

* [CyVDB-2909] Operation restriction bypass in multiple applications (CWE-285) - CVE-2022-30602
* [CyVDB-3042] Information disclosure in multiple applications (CWE-200) - CVE-2022-29512
<s>* [CyVDB-3111] Improper input validation in multiple applications (CWE-20) - CVE-2022-29926</s>
* [CyVDB-3143] Browsing restriction bypass vulnerability in Bulletin (CWE-284) - CVE-2022-30943

CVE-2022-30602
Shuichi Uruma reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.

CVE-2022-30943
Yuji Tounai reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.

CVE-2022-29512
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.

[Updated on 2022 July 6]
The developer identified that [CyVDB-3111] was not a vulnerability after the further investigation. Therefore the JVN advisory was updated by crossing out the description regarding [CyVDB-3111].


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000051.html",
  "dc:date": "2024-06-17T16:49+09:00",
  "dcterms:issued": "2022-07-04T14:17+09:00",
  "dcterms:modified": "2024-06-17T16:49+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n\r\n  * [CyVDB-2909] Operation restriction bypass in multiple applications (CWE-285) - CVE-2022-30602\r\n  * [CyVDB-3042] Information disclosure in multiple applications (CWE-200) - CVE-2022-29512\r\n  \u003cs\u003e* [CyVDB-3111] Improper input validation in multiple applications (CWE-20) - CVE-2022-29926\u003c/s\u003e\r\n  * [CyVDB-3143] Browsing restriction bypass vulnerability in Bulletin (CWE-284) - CVE-2022-30943\r\n\r\nCVE-2022-30602\r\nShuichi Uruma reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nCVE-2022-30943\r\nYuji Tounai reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nCVE-2022-29512\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.\r\n\r\n[Updated on 2022 July 6]\r\nThe developer identified that [CyVDB-3111] was not a vulnerability after the further investigation.\r\nTherefore the JVN advisory was updated by crossing out the description regarding [CyVDB-3111].",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000051.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "5.4",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2022-000051",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN14077132/index.html",
      "@id": "JVN#14077132",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-30602",
      "@id": "CVE-2022-30602",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-29512",
      "@id": "CVE-2022-29512",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-29926",
      "@id": "CVE-2022-29926",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-30943",
      "@id": "CVE-2022-30943",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-30602",
      "@id": "CVE-2022-30602",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29512",
      "@id": "CVE-2022-29512",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29926",
      "@id": "CVE-2022-29926",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-30943",
      "@id": "CVE-2022-30943",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Multiple vulnerabilities in Cybozu Garoon"
}

jvndb-2022-000035
Vulnerability from jvndb
Published
2022-05-16 14:25
Modified
2024-06-17 16:34
Summary
Multiple vulnerabilities in Cybozu Garoon
Details
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.

* [CyVDB-1584][CyVDB-2670] Operation restriction bypass vulnerability in Bulletin (CWE-285) - CVE-2022-28718
* [CyVDB-1865][CyVDB-2692] Operation restriction bypass vulnerability in Workflow (CWE-285) - CVE-2022-27661
* [CyVDB-2660] Improper input validation vulnerability in Space (CWE-20) - CVE-2022-29892
* [CyVDB-2667] Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2022-29513
* [CyVDB-2685] Browse restriction bypass vulnerability in Bulletin (CWE-284) - CVE-2022-29471
* [CyVDB-2689] Operation restriction bypass vulnerability in Portal (CWE-285) - CVE-2022-26051
* [CyVDB-2718] Improper input validation vulnerability in Scheduler (CWE-20) - CVE-2022-28692
* [CyVDB-2839] Improper input validation vulnerability in Space (CWE-20) - CVE-2022-27803
* [CyVDB-2841] Browse restriction bypass and operation restriction bypass vulnerability in Cabinet (CWE-285) - CVE-2022-26368
* [CyVDB-2889] Cross-site scripting vulnerability in Organization's Information (CWE-79) - CVE-2022-27627
* [CyVDB-2897] Operation restriction bypass vulnerability in Link (CWE-285) - CVE-2022-26054
* [CyVDB-2906] Improper input validation vulnerability in Link (CWE-20) - CVE-2022-27807
* [CyVDB-2932] Address information disclosure vulnerability (CWE-200) - CVE-2022-29467
* [CyVDB-2940] Improper authentication vulnerability in Scheduler (CWE-287) - CVE-2022-28713
* [CyVDB-3001] Operation restriction bypass vulnerability in Space (CWE-285) - CVE-2022-29484
* [CyVDB-2911] Browse restriction bypass vulnerability in Cabinet (CWE-284) - CVE-2022-31472

CVE-2022-27627
Masato Kinugawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.

CVE-2022-26054, CVE-2022-26368, CVE-2022-31472
Yuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.

CVE-2022-26051, CVE-2022-27661, CVE-2022-27803, CVE-2022-27807, CVE-2022-28692, CVE-2022-28713, CVE-2022-28718, CVE-2022-29467, CVE-2022-29471, CVE-2022-29484, CVE-2022-29513, CVE-2022-29892
Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
JVN http://jvn.jp/en/jp/JVN73897863/index.html
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26051
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26054
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26368
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27627
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27661
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27803
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27807
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28692
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28713
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28718
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29467
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29471
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29484
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29513
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29892
CVE https://www.cve.org/CVERecord?id=CVE-2022-31472
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-26051
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-26054
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-26368
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-27627
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-27661
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-27803
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-27807
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-28692
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-28713
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-28718
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-29467
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-29471
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-29484
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-29513
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-29892
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-31472
Improper Input Validation(CWE-20) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Information Exposure(CWE-200) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Permissions(CWE-264) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Improper Authentication(CWE-287) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Cross-site Scripting(CWE-79) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
No Mapping(CWE-Other) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000035.html",
  "dc:date": "2024-06-17T16:34+09:00",
  "dcterms:issued": "2022-05-16T14:25+09:00",
  "dcterms:modified": "2024-06-17T16:34+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n\r\n* [CyVDB-1584][CyVDB-2670] Operation restriction bypass vulnerability in Bulletin (CWE-285) - CVE-2022-28718\r\n* [CyVDB-1865][CyVDB-2692] Operation restriction bypass vulnerability in Workflow (CWE-285) - CVE-2022-27661\r\n* [CyVDB-2660] Improper input validation vulnerability in Space (CWE-20) - CVE-2022-29892\r\n* [CyVDB-2667] Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2022-29513\r\n* [CyVDB-2685] Browse restriction bypass vulnerability in Bulletin (CWE-284) - CVE-2022-29471\r\n* [CyVDB-2689] Operation restriction bypass vulnerability in Portal (CWE-285) - CVE-2022-26051\r\n* [CyVDB-2718] Improper input validation vulnerability in Scheduler (CWE-20) - CVE-2022-28692\r\n* [CyVDB-2839] Improper input validation vulnerability in Space (CWE-20) - CVE-2022-27803\r\n* [CyVDB-2841] Browse restriction bypass and operation restriction bypass vulnerability in Cabinet (CWE-285) - CVE-2022-26368\r\n* [CyVDB-2889] Cross-site scripting vulnerability in Organization\u0027s Information (CWE-79) - CVE-2022-27627\r\n* [CyVDB-2897] Operation restriction bypass vulnerability in Link (CWE-285) - CVE-2022-26054\r\n* [CyVDB-2906] Improper input validation vulnerability in Link (CWE-20) - CVE-2022-27807\r\n* [CyVDB-2932] Address information disclosure vulnerability (CWE-200) - CVE-2022-29467\r\n* [CyVDB-2940] Improper authentication vulnerability in Scheduler (CWE-287) - CVE-2022-28713\r\n* [CyVDB-3001] Operation restriction bypass vulnerability in Space (CWE-285) - CVE-2022-29484\r\n* [CyVDB-2911] Browse restriction bypass vulnerability in Cabinet (CWE-284) - CVE-2022-31472\r\n\r\nCVE-2022-27627\r\nMasato Kinugawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nCVE-2022-26054, CVE-2022-26368, CVE-2022-31472\r\nYuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2022-26051, CVE-2022-27661, CVE-2022-27803, CVE-2022-27807, CVE-2022-28692, CVE-2022-28713, CVE-2022-28718, CVE-2022-29467, CVE-2022-29471, CVE-2022-29484, CVE-2022-29513, CVE-2022-29892\r\nCybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000035.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "5.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "5.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2022-000035",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN73897863/index.html",
      "@id": "JVN#73897863",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26051",
      "@id": "CVE-2022-26051",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26054",
      "@id": "CVE-2022-26054",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26368",
      "@id": "CVE-2022-26368",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27627",
      "@id": "CVE-2022-27627",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27661",
      "@id": "CVE-2022-27661",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27803",
      "@id": "CVE-2022-27803",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27807",
      "@id": "CVE-2022-27807",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28692",
      "@id": "CVE-2022-28692",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28713",
      "@id": "CVE-2022-28713",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28718",
      "@id": "CVE-2022-28718",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29467",
      "@id": "CVE-2022-29467",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29471",
      "@id": "CVE-2022-29471",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29484",
      "@id": "CVE-2022-29484",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29513",
      "@id": "CVE-2022-29513",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29892",
      "@id": "CVE-2022-29892",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-31472",
      "@id": "CVE-2022-31472",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-26051",
      "@id": "CVE-2022-26051",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-26054",
      "@id": "CVE-2022-26054",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-26368",
      "@id": "CVE-2022-26368",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-27627",
      "@id": "CVE-2022-27627",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-27661",
      "@id": "CVE-2022-27661",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-27803",
      "@id": "CVE-2022-27803",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-27807",
      "@id": "CVE-2022-27807",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-28692",
      "@id": "CVE-2022-28692",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-28713",
      "@id": "CVE-2022-28713",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-28718",
      "@id": "CVE-2022-28718",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29467",
      "@id": "CVE-2022-29467",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29471",
      "@id": "CVE-2022-29471",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29484",
      "@id": "CVE-2022-29484",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29513",
      "@id": "CVE-2022-29513",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29892",
      "@id": "CVE-2022-29892",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-31472",
      "@id": "CVE-2022-31472",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-287",
      "@title": "Improper Authentication(CWE-287)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in Cybozu Garoon"
}

jvndb-2021-000073
Vulnerability from jvndb
Published
2021-08-02 16:42
Modified
2022-05-24 15:16
Summary
Multiple vulnerabilities in Cybozu Garoon
Details
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.

* [CyVDB-1782] Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2021-20753
* [CyVDB-2029] Improper input validation vulnerability in Workflow (CWE-20) - CVE-2021-20754
* [CyVDB-2071] Viewing restrictions bypass vulnerability in Portal (CWE-264) - CVE-2021-20755
* [CyVDB-2085] Viewing restrictions bypass vulnerability in Address (CWE-264) - CVE-2021-20756
* [CyVDB-2092] Operational restrictions bypass vulnerability in E-mail (CWE-264) - CVE-2021-20757
* [CyVDB-2099] Cross-site request forgery vulnerability in Message (CWE-352) - CVE-2021-20758
* [CyVDB-2103] Operational restrictions bypass vulnerability in Bulletin (CWE-264) - CVE-2021-20759
* [CyVDB-2234] Improper input validation vulnerability in User Profile (CWE-20) - CVE-2021-20760
* [CyVDB-2245][CyVDB-2374] Improper input validation vulnerability in E-mail (CWE-20) - CVE-2021-20761
* [CyVDB-2283] Improper input validation vulnerability in E-mail (CWE-20) - CVE-2021-20762
* [CyVDB-2368] Operational restrictions bypass vulnerability in Portal (CWE-264) - CVE-2021-20763
* [CyVDB-2388] Improper input validation vulnerability in Attaching Files (CWE-20) - CVE-2021-20764
* [CyVDB-2406] Cross-site scripting vulnerability in Bulletin (CWE-79) - CVE-2021-20765
* [CyVDB-2407] Cross-site scripting vulnerability in Message (CWE-79) - CVE-2021-20766
* [CyVDB-2446] Cross-site scripting vulnerability in Full Text Search (CWE-79) - CVE-2021-20767
* [CyVDB-2448] Operational restrictions bypass vulnerability in Scheduler and MultiReport (CWE-264) - CVE-2021-20768
* [CyVDB-2568] Cross-site scripting vulnerability in Bulletin (CWE-79) - CVE-2021-20769
* [CyVDB-2659] Cross-site scripting vulnerability in Message (CWE-79) - CVE-2021-20770
* [CyVDB-2193] Cross-site scripting vulnerability in some functions of E-mail (CWE-79) - CVE-2021-20771
* [CyVDB-2479] Title information disclosure vulnerability in Bulletin (CWE-264) - CVE-2021-20772
* [CyVDB-2755] Vulnerability where route information of Workflow is deleted unintentionally - CVE-2021-20773
* [CyVDB-2766] Cross-site scripting vulnerability in some functions of E-mail (CWE-79) - CVE-2021-20774
* [CyVDB-2903] Comment destination information disclosure vulnerability (CWE-20) - CVE-2021-20775

CVE-2021-20753
Masato Kinugawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solutions through JVN.

CVE-2021-20755, CVE-2021-20764, CVE-2021-20765, CVE-2021-20766
Yuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.

CVE-2021-20760, CVE-2021-20761, CVE-2021-20767
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.

CVE-2021-20771
Ren Hirasawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solutions through JVN.

CVE-2021-20754, CVE-2021-20756, CVE-2021-20757, CVE-2021-20758, CVE-2021-20759, CVE-2021-20762, CVE-2021-20763, CVE-2021-20768, CVE-2021-20769, CVE-2021-20770, CVE-2021-20772, CVE-2021-20773, CVE-2021-20774, CVE-2021-20775
Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.
References
JVN https://jvn.jp/en/jp/JVN54794245/index.html
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20753
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20754
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20755
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20756
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20757
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20758
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20759
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20760
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20761
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20762
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20763
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20764
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20765
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20766
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20767
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20768
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20769
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20770
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20771
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20772
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20773
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20774
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20775
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20753
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20754
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20755
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20756
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20757
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20758
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20759
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20760
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20761
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20762
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20763
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20766
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20767
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20768
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20769
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20770
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20771
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20772
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20773
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20774
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20775
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20764
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20765
Improper Input Validation(CWE-20) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Permissions(CWE-264) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Cross-Site Request Forgery(CWE-352) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Cross-site Scripting(CWE-79) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000073.html",
  "dc:date": "2022-05-24T15:16+09:00",
  "dcterms:issued": "2021-08-02T16:42+09:00",
  "dcterms:modified": "2022-05-24T15:16+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n\r\n* [CyVDB-1782] Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2021-20753\r\n* [CyVDB-2029] Improper input validation vulnerability in Workflow (CWE-20) - CVE-2021-20754\r\n* [CyVDB-2071] Viewing restrictions bypass vulnerability in Portal (CWE-264) - CVE-2021-20755\r\n* [CyVDB-2085] Viewing restrictions bypass vulnerability in Address (CWE-264) - CVE-2021-20756\r\n* [CyVDB-2092] Operational restrictions bypass vulnerability in E-mail (CWE-264) - CVE-2021-20757\r\n* [CyVDB-2099] Cross-site request forgery vulnerability in Message (CWE-352) - CVE-2021-20758\r\n* [CyVDB-2103] Operational restrictions bypass vulnerability in Bulletin (CWE-264) - CVE-2021-20759\r\n* [CyVDB-2234] Improper input validation vulnerability in User Profile (CWE-20) - CVE-2021-20760\r\n* [CyVDB-2245][CyVDB-2374] Improper input validation vulnerability in E-mail (CWE-20) - CVE-2021-20761\r\n* [CyVDB-2283] Improper input validation vulnerability in E-mail (CWE-20) - CVE-2021-20762\r\n* [CyVDB-2368] Operational restrictions bypass vulnerability in Portal (CWE-264) - CVE-2021-20763\r\n* [CyVDB-2388] Improper input validation vulnerability in Attaching Files (CWE-20) - CVE-2021-20764\r\n* [CyVDB-2406] Cross-site scripting vulnerability in Bulletin (CWE-79) - CVE-2021-20765\r\n* [CyVDB-2407] Cross-site scripting vulnerability in Message (CWE-79) - CVE-2021-20766\r\n* [CyVDB-2446] Cross-site scripting vulnerability in Full Text Search (CWE-79) - CVE-2021-20767\r\n* [CyVDB-2448] Operational restrictions bypass vulnerability in Scheduler and MultiReport (CWE-264) - CVE-2021-20768\r\n* [CyVDB-2568] Cross-site scripting vulnerability in Bulletin (CWE-79) - CVE-2021-20769\r\n* [CyVDB-2659] Cross-site scripting vulnerability in Message (CWE-79) - CVE-2021-20770\r\n* [CyVDB-2193] Cross-site scripting vulnerability in some functions of E-mail (CWE-79) - CVE-2021-20771\r\n* [CyVDB-2479] Title information disclosure vulnerability in Bulletin (CWE-264) - CVE-2021-20772\r\n* [CyVDB-2755] Vulnerability where route information of Workflow is deleted unintentionally - CVE-2021-20773\r\n* [CyVDB-2766] Cross-site scripting vulnerability in some functions of E-mail (CWE-79) - CVE-2021-20774\r\n* [CyVDB-2903] Comment destination information disclosure vulnerability (CWE-20) - CVE-2021-20775\r\n\r\nCVE-2021-20753\r\nMasato Kinugawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20755, CVE-2021-20764, CVE-2021-20765, CVE-2021-20766\r\nYuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20760, CVE-2021-20761, CVE-2021-20767\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20771\r\nRen Hirasawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20754, CVE-2021-20756, CVE-2021-20757, CVE-2021-20758, CVE-2021-20759, CVE-2021-20762, CVE-2021-20763, CVE-2021-20768, CVE-2021-20769, CVE-2021-20770, CVE-2021-20772, CVE-2021-20773, CVE-2021-20774, CVE-2021-20775\r\nCybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000073.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "5.4",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-000073",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN54794245/index.html",
      "@id": "JVN#54794245",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20753",
      "@id": "CVE-2021-20753",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20754",
      "@id": "CVE-2021-20754",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20755",
      "@id": "CVE-2021-20755",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20756",
      "@id": "CVE-2021-20756",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20757",
      "@id": "CVE-2021-20757",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20758",
      "@id": "CVE-2021-20758",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20759",
      "@id": "CVE-2021-20759",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20760",
      "@id": "CVE-2021-20760",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20761",
      "@id": "CVE-2021-20761",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20762",
      "@id": "CVE-2021-20762",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20763",
      "@id": "CVE-2021-20763",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20764",
      "@id": "CVE-2021-20764",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20765",
      "@id": "CVE-2021-20765",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20766",
      "@id": "CVE-2021-20766",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20767",
      "@id": "CVE-2021-20767",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20768",
      "@id": "CVE-2021-20768",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20769",
      "@id": "CVE-2021-20769",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20770",
      "@id": "CVE-2021-20770",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20771",
      "@id": "CVE-2021-20771",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20772",
      "@id": "CVE-2021-20772",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20773",
      "@id": "CVE-2021-20773",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20774",
      "@id": "CVE-2021-20774",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20775",
      "@id": "CVE-2021-20775",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20753",
      "@id": "CVE-2021-20753",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20754",
      "@id": "CVE-2021-20754",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20755",
      "@id": "CVE-2021-20755",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20756",
      "@id": "CVE-2021-20756",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20757",
      "@id": "CVE-2021-20757",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20758",
      "@id": "CVE-2021-20758",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20759",
      "@id": "CVE-2021-20759",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20760",
      "@id": "CVE-2021-20760",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20761",
      "@id": "CVE-2021-20761",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20762",
      "@id": "CVE-2021-20762",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20763",
      "@id": "CVE-2021-20763",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20766",
      "@id": "CVE-2021-20766",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20767",
      "@id": "CVE-2021-20767",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20768",
      "@id": "CVE-2021-20768",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20769",
      "@id": "CVE-2021-20769",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20770",
      "@id": "CVE-2021-20770",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20771",
      "@id": "CVE-2021-20771",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20772",
      "@id": "CVE-2021-20772",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20773",
      "@id": "CVE-2021-20773",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20774",
      "@id": "CVE-2021-20774",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20775",
      "@id": "CVE-2021-20775",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20764",
      "@id": "CVE-2021-20764",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20765",
      "@id": "CVE-2021-20765",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-352",
      "@title": "Cross-Site Request Forgery(CWE-352)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple vulnerabilities in Cybozu Garoon"
}

jvndb-2020-000071
Vulnerability from jvndb
Published
2020-11-05 11:43
Modified
2021-08-02 11:08
Severity ?
Summary
Cybozu Garoon vulnerable to improper input validation
Details
Cybozu Garoon provided by Cybozu, Inc. contains an improper input validation vulnerability (CWE-20). Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000071.html",
  "dc:date": "2021-08-02T11:08+09:00",
  "dcterms:issued": "2020-11-05T11:43+09:00",
  "dcterms:modified": "2021-08-02T11:08+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains an improper input validation vulnerability (CWE-20).\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000071.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2020-000071",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN57942454/index.html",
      "@id": "JVN#57942454",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5643",
      "@id": "CVE-2020-5643",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5643",
      "@id": "CVE-2020-5643",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    }
  ],
  "title": "Cybozu Garoon vulnerable to improper input validation"
}

jvndb-2020-000042
Vulnerability from jvndb
Published
2020-06-29 16:17
Modified
2020-06-29 16:17
Severity ?
Summary
Multiple vulnerabilities in Cybozu Garoon
Details
Cybozu, Inc. has released security updates for Cybozu Garoon.

* [CyVDB-2083] Vulnerability in Single sign-on settings to avoid viewing and operation privileges - CVE-2020-5580
* [CyVDB-2451] Path traversal vulnerability on the portal - CVE-2020-5581
* [CyVDB-2097] Vulnerability to bypass operation privileges on attachments - CVE-2020-5582
* [CyVDB-2289] Vulnerability in the Multi-Report to bypass view privileges - CVE-2020-5583
* [CyVDB-2305] Vulnerability to token-related information leakage - CVE-2020-5584
* [CyVDB-2308] Cross-site scripting vulnerability related to image asset functionality - CVE-2020-5585
* [CyVDB-2309] Cross-site scripting vulnerability in system configuration - CVE-2020-5586
* [CyVDB-2361] Vulnerability to token-related information leakage - CVE-2020-5587
* [CyVDB-2450] Path traversal vulnerability on the portal - CVE-2020-5588

Kanta Nishitani reported CVE-2020-5580 and CVE-2020-5584 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.

Tanghaifeng reported CVE-2020-5582 and CVE-2020-5583 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.

Yuji Tounai reported CVE-2020-5587 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.

Cybozu, Inc. reported CVE-2020-5581, CVE-2020-5585, CVE-2020-5586 and CVE-2020-5588 vulnerabilities to JPCERT/CC to notify users of the solution through JVN.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000042.html",
  "dc:date": "2020-06-29T16:17+09:00",
  "dcterms:issued": "2020-06-29T16:17+09:00",
  "dcterms:modified": "2020-06-29T16:17+09:00",
  "description": "Cybozu, Inc. has released security updates for Cybozu Garoon.\r\n\r\n* [CyVDB-2083] Vulnerability in Single sign-on settings to avoid viewing and operation privileges - CVE-2020-5580\r\n* [CyVDB-2451] Path traversal vulnerability on the portal - CVE-2020-5581\r\n* [CyVDB-2097] Vulnerability to bypass operation privileges on attachments - CVE-2020-5582\r\n* [CyVDB-2289] Vulnerability in the Multi-Report to bypass view privileges - CVE-2020-5583\r\n* [CyVDB-2305] Vulnerability to token-related information leakage - CVE-2020-5584\r\n* [CyVDB-2308] Cross-site scripting vulnerability related to image asset functionality - CVE-2020-5585\r\n* [CyVDB-2309] Cross-site scripting vulnerability in system configuration - CVE-2020-5586\r\n* [CyVDB-2361] Vulnerability to token-related information leakage - CVE-2020-5587\r\n* [CyVDB-2450] Path traversal vulnerability on the portal - CVE-2020-5588\r\n\r\n\r\nKanta Nishitani reported CVE-2020-5580 and CVE-2020-5584 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\n Tanghaifeng reported CVE-2020-5582 and CVE-2020-5583 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\n Yuji Tounai reported CVE-2020-5587 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\n Cybozu, Inc. reported CVE-2020-5581, CVE-2020-5585, CVE-2020-5586 and CVE-2020-5588 vulnerabilities to JPCERT/CC to notify users of the solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000042.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "5.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "8.5",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2020-000042",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN55497111/index.html",
      "@id": "JVN#55497111",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5580",
      "@id": "CVE-2020-5580",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5581",
      "@id": "CVE-2020-5581",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5582",
      "@id": "CVE-2020-5582",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5583",
      "@id": "CVE-2020-5583",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5584",
      "@id": "CVE-2020-5584",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5585",
      "@id": "CVE-2020-5585",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5586",
      "@id": "CVE-2020-5586",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5587",
      "@id": "CVE-2020-5587",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5588",
      "@id": "CVE-2020-5588",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5580",
      "@id": "CVE-2020-5580",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5581",
      "@id": "CVE-2020-5581",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5582",
      "@id": "CVE-2020-5582",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5583",
      "@id": "CVE-2020-5583",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5584",
      "@id": "CVE-2020-5584",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5585",
      "@id": "CVE-2020-5585",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5586",
      "@id": "CVE-2020-5586",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5587",
      "@id": "CVE-2020-5587",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5588",
      "@id": "CVE-2020-5588",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple vulnerabilities in Cybozu Garoon"
}

jvndb-2020-000027
Vulnerability from jvndb
Published
2020-04-28 14:48
Modified
2020-04-28 14:48
Severity ?
Summary
Cybozu Garoon contains multiple vulnerabilities
Details
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.

* Authentication bypass in the API used to specify the fields (CWE-287) - CVE-2020-5563
* Cross-site scripting in the application "E-mail" (CWE-79) - CVE-2020-5564
* Input validation bypass in the applications "Workflow" and "MultiReport" (CWE-20) - CVE-2020-5565
* Improper authorization process in the applications "E-mail" and "Messages" (CWE-285) - CVE-2020-5566
* Improper authentication in Application Menu (CWE-287) - CVE-2020-5567
* Cross-site scripting in the applications "Messages" and "Bulletin Board" (CWE-79) - CVE-2020-5568

Cybozu, Inc. reported the following vulnerabilities to JPCERT/CC to notify users of the solution through JVN.

CVE-2020-5563, CVE-2020-5566 and CVE-2020-5568 by Cybozu, Inc.
CVE-2020-5564 by Masato Kinugawa
CVE-2020-5565 by Tanghaifeng
CVE-2020-5567 by Shuichi Uruma
Impacted products


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000027.html",
  "dc:date": "2020-04-28T14:48+09:00",
  "dcterms:issued": "2020-04-28T14:48+09:00",
  "dcterms:modified": "2020-04-28T14:48+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. \r\n*Authentication bypass in the API used to specify the fields (CWE-287) - CVE-2020-5563\r\n*Cross-site scripting in the application \"E-mail\" (CWE-79) - CVE-2020-5564\r\n*Input validation bypass in the applications \"Workflow\" and \"MultiReport\" (CWE-20) - CVE-2020-5565 \r\n*Improper authorization process in the applications \"E-mail\" and \"Messages\" (CWE-285) - CVE-2020-5566 \r\n*Improper authentication in Application Menu (CWE-287) - CVE-2020-5567\r\n*Cross-site scripting in the applications \"Messages\" and \"Bulletin Board\" (CWE-79) - CVE-2020-5568\r\n\r\nCybozu, Inc. reported the following vulnerabilities to JPCERT/CC to notify users of the solution through JVN.\r\n\r\nCVE-2020-5563, CVE-2020-5566 and CVE-2020-5568 by Cybozu, Inc.\r\nCVE-2020-5564 by Masato Kinugawa\r\nCVE-2020-5565 by Tanghaifeng\r\nCVE-2020-5567 by Shuichi Uruma",
  "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000027.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "5.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2020-000027",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN35649781/index.html",
      "@id": "JVN#35649781",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5563",
      "@id": "CVE-2020-5563",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5564",
      "@id": "CVE-2020-5564",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5565",
      "@id": "CVE-2020-5565",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5566",
      "@id": "CVE-2020-5566",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5567",
      "@id": "CVE-2020-5567",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5568",
      "@id": "CVE-2020-5568",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5563",
      "@id": "CVE-2020-5563",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5564",
      "@id": "CVE-2020-5564",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5565",
      "@id": "CVE-2020-5565",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5566",
      "@id": "CVE-2020-5566",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5567",
      "@id": "CVE-2020-5567",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5568",
      "@id": "CVE-2020-5568",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Cybozu Garoon contains multiple vulnerabilities"
}

jvndb-2019-000054
Vulnerability from jvndb
Published
2019-08-26 13:48
Modified
2019-10-08 16:48
Severity ?
Summary
Cybozu Garoon vulnerable to SQL injection
Details
Cybozu Garoon provided by Cybozu, Inc. contains an SQL injection vulnerability (CWE-89) in the processing of Todo portlet. Shoji Baba reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000054.html",
  "dc:date": "2019-10-08T16:48+09:00",
  "dcterms:issued": "2019-08-26T13:48+09:00",
  "dcterms:modified": "2019-10-08T16:48+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains an SQL injection vulnerability (CWE-89) in the processing of Todo portlet.\r\n\r\nShoji Baba reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000054.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.6",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2019-000054",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN71877187/index.html",
      "@id": "JVN#71877187",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5991",
      "@id": "CVE-2019-5991",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5991",
      "@id": "CVE-2019-5991",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-89",
      "@title": "SQL Injection(CWE-89)"
    }
  ],
  "title": "Cybozu Garoon vulnerable to SQL injection"
}

jvndb-2019-000047
Vulnerability from jvndb
Published
2019-07-16 16:08
Modified
2019-10-08 17:19
Severity ?
Summary
Multiple vulnerabilities in Cybozu Garoon
Details
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
* DOM-based cross-site scripting in the application "Portal" (CWE-79) - CVE-2019-5975
* Denial-of-service (DoS) (CWE-20) - CVE-2019-5976
* Mail header injection in the application "E-mail" (CWE-74) - CVE-2019-5977
* Open redirect in the application "Scheduler" (CWE-601) - CVE-2019-5978

Masato Kinugawa reported CVE-2019-5975 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.

Kanta Nishitani reported CVE-2019-5976 and CVE-2019-5978 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.

Shuichi Uruma reported CVE-2019-5977 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000047.html",
  "dc:date": "2019-10-08T17:19+09:00",
  "dcterms:issued": "2019-07-16T16:08+09:00",
  "dcterms:modified": "2019-10-08T17:19+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. \r\n* DOM-based cross-site scripting in the application \"Portal\" (CWE-79) - CVE-2019-5975 \r\n* Denial-of-service (DoS) (CWE-20) - CVE-2019-5976 \r\n* Mail header injection in the application \"E-mail\" (CWE-74) - CVE-2019-5977 \r\n* Open redirect in the application \"Scheduler\" (CWE-601) - CVE-2019-5978\r\n\r\n Masato Kinugawa reported CVE-2019-5975 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\n Kanta Nishitani reported CVE-2019-5976 and CVE-2019-5978 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\n Shuichi Uruma reported CVE-2019-5977 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000047.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
      "@version": "2.0"
    },
    {
      "@score": "4.9",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2019-000047",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN62618482/index.html",
      "@id": "JVN#62618482",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5975",
      "@id": "CVE-2019-5975",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5976",
      "@id": "CVE-2019-5976",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5977",
      "@id": "CVE-2019-5977",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5978",
      "@id": "CVE-2019-5978",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5975",
      "@id": "CVE-2019-5975",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5976",
      "@id": "CVE-2019-5976",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5977",
      "@id": "CVE-2019-5977",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5978",
      "@id": "CVE-2019-5978",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple vulnerabilities in Cybozu Garoon"
}

jvndb-2019-000023
Vulnerability from jvndb
Published
2019-04-25 17:13
Modified
2023-11-08 16:39
Severity ?
Summary
Multiple vulnerabilities in Cybozu Garoon
Details
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.

* Cross-site scripting in the additional processing of Customize Item function (CWE-79) - CVE-2019-5928
* Cross-site scripting in the application "Memo" (CWE-79) - CVE-2019-5929
* Browse restriction bypass in the application "Management of Basic System" (CWE-264) - CVE-2019-5930
* Improper verification of file path in installer (CWE-20) - CVE-2019-5931
* Stored cross-site scripting in the application "Portal" (CWE-79) - CVE-2019-5932
* Browse restriction bypass in the application "Bulletin" (CWE-284) - CVE-2019-5933
* SQL injection in the Log Search function of application "logging" (CWE-89) - CVE-2019-5934
* Operation restriction bypass in the Item function of User Information (CWE-264) - CVE-2019-5935
* Directory traversal in the application "Work Flow" (CWE-22) - CVE-2019-5936
* Cross-site scripting in the user information (CWE-79) - CVE-2019-5937
* Stored cross-site scripting in the application "Mail" (CWE-79) - CVE-2019-5938
* Cross-site scripting in the application "Portal" (CWE-79) - CVE-2019-5939
* Cross-site scripting in the application "Scheduler" (CWE-79) - CVE-2019-5940
* Operation restriction bypass in the application "Multi Report" (CWE-264) - CVE-2019-5941
* Browse restriction bypass in the Multiple Files Download function of application "Cabinet" (CWE-284) - CVE-2019-5942
* Browse restriction bypass in the application "Bulletin" and the application "Cabinet" (CWE-284) - CVE-2019-5943
* Operation restriction bypass in the application "Address" (CWE-264) - CVE-2019-5944
* Information disclosure in the authentication of Cybozu Garoon (CWE-287) - CVE-2019-5945
* Open redirect in the Login Screen (CWE-601) - CVE-2019-5946
* Cross-site scripting in the application "Cabinet" (CWE-79) - CVE-2019-5947
* Server-side request forgery in the V-CUBE Meeting function (CWE-918) - CVE-2020-5562

Cybozu, Inc. reported the following vulnerabilities to JPCERT/CC to notify users of the solution through JVN.

* CVE-2019-5928, CVE-2019-5930, CVE-2019-5931, CVE-2019-5932, CVE-2019-5935, CVE-2019-5936, CVE-2019-5942 and CVE-2019-5947 by Cybozu, Inc.
* CVE-2019-5929, CVE-2019-5937, CVE-2019-5938, CVE-2019-5939 and CVE-2019-5940 by Masato Kinugawa
* CVE-2019-5933, CVE-2019-5941 and CVE-2019-5946 by Yuji Tounai
* CVE-2019-5934 and CVE-2019-5945 by Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.
* CVE-2019-5943 by ixama
* CVE-2019-5944 by Tanghaifeng
* CVE-2020-5562 by Kanta Nishitani
References
JVN https://jvn.jp/en/jp/JVN58849431/index.html
CVE https://www.cve.org/CVERecord?id=CVE-2020-5562
CVE https://www.cve.org/CVERecord?id=CVE-2019-5928
CVE https://www.cve.org/CVERecord?id=CVE-2019-5929
CVE https://www.cve.org/CVERecord?id=CVE-2019-5930
CVE https://www.cve.org/CVERecord?id=CVE-2019-5931
CVE https://www.cve.org/CVERecord?id=CVE-2019-5932
CVE https://www.cve.org/CVERecord?id=CVE-2019-5933
CVE https://www.cve.org/CVERecord?id=CVE-2019-5934
CVE https://www.cve.org/CVERecord?id=CVE-2019-5935
CVE https://www.cve.org/CVERecord?id=CVE-2019-5936
CVE https://www.cve.org/CVERecord?id=CVE-2019-5937
CVE https://www.cve.org/CVERecord?id=CVE-2019-5938
CVE https://www.cve.org/CVERecord?id=CVE-2019-5939
CVE https://www.cve.org/CVERecord?id=CVE-2019-5940
CVE https://www.cve.org/CVERecord?id=CVE-2019-5941
CVE https://www.cve.org/CVERecord?id=CVE-2019-5942
CVE https://www.cve.org/CVERecord?id=CVE-2019-5943
CVE https://www.cve.org/CVERecord?id=CVE-2019-5944
CVE https://www.cve.org/CVERecord?id=CVE-2019-5945
CVE https://www.cve.org/CVERecord?id=CVE-2019-5946
CVE https://www.cve.org/CVERecord?id=CVE-2019-5947
NVD https://nvd.nist.gov/vuln/detail/CVE-2019-5928
NVD https://nvd.nist.gov/vuln/detail/CVE-2019-5929
NVD https://nvd.nist.gov/vuln/detail/CVE-2019-5930
NVD https://nvd.nist.gov/vuln/detail/CVE-2019-5931
NVD https://nvd.nist.gov/vuln/detail/CVE-2019-5932
NVD https://nvd.nist.gov/vuln/detail/CVE-2019-5933
NVD https://nvd.nist.gov/vuln/detail/CVE-2019-5934
NVD https://nvd.nist.gov/vuln/detail/CVE-2019-5935
NVD https://nvd.nist.gov/vuln/detail/CVE-2019-5936
NVD https://nvd.nist.gov/vuln/detail/CVE-2019-5937
NVD https://nvd.nist.gov/vuln/detail/CVE-2019-5938
NVD https://nvd.nist.gov/vuln/detail/CVE-2019-5939
NVD https://nvd.nist.gov/vuln/detail/CVE-2019-5940
NVD https://nvd.nist.gov/vuln/detail/CVE-2019-5941
NVD https://nvd.nist.gov/vuln/detail/CVE-2019-5942
NVD https://nvd.nist.gov/vuln/detail/CVE-2019-5943
NVD https://nvd.nist.gov/vuln/detail/CVE-2019-5944
NVD https://nvd.nist.gov/vuln/detail/CVE-2019-5945
NVD https://nvd.nist.gov/vuln/detail/CVE-2019-5946
NVD https://nvd.nist.gov/vuln/detail/CVE-2019-5947
NVD https://nvd.nist.gov/vuln/detail/CVE-2020-5562
Improper Input Validation(CWE-20) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Information Exposure(CWE-200) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Path Traversal(CWE-22) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Permissions(CWE-264) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Cross-site Scripting(CWE-79) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
SQL Injection(CWE-89) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
No Mapping(CWE-Other) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000023.html",
  "dc:date": "2023-11-08T16:39+09:00",
  "dcterms:issued": "2019-04-25T17:13+09:00",
  "dcterms:modified": "2023-11-08T16:39+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. \r\n\r\n* Cross-site scripting in the additional processing of Customize Item function (CWE-79) - CVE-2019-5928\r\n* Cross-site scripting in the application \"Memo\" (CWE-79) - CVE-2019-5929\r\n* Browse restriction bypass in the application \"Management of Basic System\" (CWE-264) - CVE-2019-5930\r\n* Improper verification of file path in installer (CWE-20) - CVE-2019-5931\r\n* Stored cross-site scripting in the application \"Portal\" (CWE-79) - CVE-2019-5932\r\n* Browse restriction bypass in the application \"Bulletin\" (CWE-284) - CVE-2019-5933\r\n* SQL injection in the Log Search function of application \"logging\" (CWE-89) - CVE-2019-5934\r\n* Operation restriction bypass in the Item function of User Information (CWE-264) - CVE-2019-5935\r\n* Directory traversal in the application \"Work Flow\" (CWE-22) - CVE-2019-5936\r\n* Cross-site scripting in the user information (CWE-79) - CVE-2019-5937\r\n* Stored cross-site scripting in the application \"Mail\" (CWE-79) - CVE-2019-5938\r\n* Cross-site scripting in the application \"Portal\" (CWE-79) - CVE-2019-5939\r\n* Cross-site scripting in the application \"Scheduler\" (CWE-79) - CVE-2019-5940\r\n* Operation restriction bypass in the application \"Multi Report\" (CWE-264) - CVE-2019-5941\r\n* Browse restriction bypass in the Multiple Files Download function of application \"Cabinet\" (CWE-284) - CVE-2019-5942\r\n* Browse restriction bypass in the application \"Bulletin\" and the application \"Cabinet\" (CWE-284) - CVE-2019-5943\r\n* Operation restriction bypass in the application \"Address\" (CWE-264) - CVE-2019-5944\r\n* Information disclosure in the authentication of Cybozu Garoon (CWE-287) - CVE-2019-5945\r\n* Open redirect in the Login Screen (CWE-601) - CVE-2019-5946\r\n* Cross-site scripting in the application \"Cabinet\" (CWE-79) - CVE-2019-5947\r\n* Server-side request forgery in the V-CUBE Meeting 
function (CWE-918) - CVE-2020-5562\r\n\r\nCybozu, Inc. reported the following vulnerabilities to JPCERT/CC to notify users of the solution through JVN.\r\n\r\n* CVE-2019-5928, CVE-2019-5930, CVE-2019-5931, CVE-2019-5932, CVE-2019-5935, CVE-2019-5936, CVE-2019-5942 and CVE-2019-5947 by Cybozu, Inc.\r\n* CVE-2019-5929, CVE-2019-5937, CVE-2019-5938, CVE-2019-5939 and CVE-2019-5940 by Masato Kinugawa\r\n* CVE-2019-5933, CVE-2019-5941 and CVE-2019-5946 by Yuji Tounai\r\n* CVE-2019-5934 and CVE-2019-5945 by Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.\r\n* CVE-2019-5943 by ixama\r\n* CVE-2019-5944 by Tanghaifeng\r\n* CVE-2020-5562 by Kanta Nishitani",
  "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000023.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "6.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "6.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2019-000023",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN58849431/index.html",
      "@id": "JVN#58849431",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2020-5562",
      "@id": "CVE-2020-5562",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5928",
      "@id": "CVE-2019-5928",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5929",
      "@id": "CVE-2019-5929",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5930",
      "@id": "CVE-2019-5930",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5931",
      "@id": "CVE-2019-5931",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5932",
      "@id": "CVE-2019-5932",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5933",
      "@id": "CVE-2019-5933",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5934",
      "@id": "CVE-2019-5934",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5935",
      "@id": "CVE-2019-5935",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5936",
      "@id": "CVE-2019-5936",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5937",
      "@id": "CVE-2019-5937",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5938",
      "@id": "CVE-2019-5938",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5939",
      "@id": "CVE-2019-5939",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5940",
      "@id": "CVE-2019-5940",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5941",
      "@id": "CVE-2019-5941",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5942",
      "@id": "CVE-2019-5942",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5943",
      "@id": "CVE-2019-5943",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5944",
      "@id": "CVE-2019-5944",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5945",
      "@id": "CVE-2019-5945",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5946",
      "@id": "CVE-2019-5946",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5947",
      "@id": "CVE-2019-5947",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5928",
      "@id": "CVE-2019-5928",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5929",
      "@id": "CVE-2019-5929",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5930",
      "@id": "CVE-2019-5930",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5931",
      "@id": "CVE-2019-5931",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5932",
      "@id": "CVE-2019-5932",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5933",
      "@id": "CVE-2019-5933",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5934",
      "@id": "CVE-2019-5934",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5935",
      "@id": "CVE-2019-5935",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5936",
      "@id": "CVE-2019-5936",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5937",
      "@id": "CVE-2019-5937",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5938",
      "@id": "CVE-2019-5938",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5939",
      "@id": "CVE-2019-5939",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5940",
      "@id": "CVE-2019-5940",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5941",
      "@id": "CVE-2019-5941",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5942",
      "@id": "CVE-2019-5942",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5943",
      "@id": "CVE-2019-5943",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5944",
      "@id": "CVE-2019-5944",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5945",
      "@id": "CVE-2019-5945",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5946",
      "@id": "CVE-2019-5946",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5947",
      "@id": "CVE-2019-5947",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5562",
      "@id": "CVE-2020-5562",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-89",
      "@title": "SQL Injection(CWE-89)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in Cybozu Garoon"
}

jvndb-2018-000130
Vulnerability from jvndb
Published
2018-12-10 14:14
Modified
2019-08-27 16:54
Severity ?
Summary
Cybozu Garoon access restriction bypass vulnerability
Details
Single sign-on function of Cybozu Garoon provided by Cybozu, Inc. contains a restriction bypass vulnerability (CWE-284). Kanta Nishitani reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000130.html",
  "dc:date": "2019-08-27T16:54+09:00",
  "dcterms:issued": "2018-12-10T14:14+09:00",
  "dcterms:modified": "2019-08-27T16:54+09:00",
  "description": "Single sign-on function of Cybozu Garoon provided by Cybozu, Inc. contains a restriction bypass vulnerability (CWE-284).\r\n\r\nKanta Nishitani reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000130.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "7.5",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000130",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN25385698/index.html",
      "@id": "JVN#25385698",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16178",
      "@id": "CVE-2018-16178",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16178",
      "@id": "CVE-2018-16178",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Cybozu Garoon access restriction bypass vulnerability"
}

jvndb-2018-000099
Vulnerability from jvndb
Published
2018-09-10 14:01
Modified
2019-07-26 15:28
Severity ?
Summary
Cybozu Garoon vulnerable to directory traversal
Details
Cybozu Garoon provided by Cybozu, Inc. contains a directory traversal vulnerability (CWE-22) due to a flaw in processing of the session information. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000099.html",
  "dc:date": "2019-07-26T15:28+09:00",
  "dcterms:issued": "2018-09-10T14:01+09:00",
  "dcterms:modified": "2019-07-26T15:28+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains a directory traversal vulnerability (CWE-22) due to a flaw in processing of the session information.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000099.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "6.4",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000099",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN12583112/index.html",
      "@id": "JVN#12583112",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0673",
      "@id": "CVE-2018-0673",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0673",
      "@id": "CVE-2018-0673",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    }
  ],
  "title": "Cybozu Garoon vulnerable to directory traversal"
}

jvndb-2018-000069
Vulnerability from jvndb
Published
2018-07-02 15:22
Modified
2019-07-05 17:55
Severity ?
Summary
Cybozu Garoon vulnerable to SQL injection
Details
Cybozu Garoon provided by Cybozu, Inc. contains an SQL injection vulnerability (CWE-89) in application "Notifications". Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000069.html",
  "dc:date": "2019-07-05T17:55+09:00",
  "dcterms:issued": "2018-07-02T15:22+09:00",
  "dcterms:modified": "2019-07-05T17:55+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains an SQL injection vulnerability (CWE-89) in application \"Notifications\".\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000069.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "6.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000069",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN13415512/index.html",
      "@id": "JVN#13415512",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0607",
      "@id": "CVE-2018-0607",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0607",
      "@id": "CVE-2018-0607",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-89",
      "@title": "SQL Injection(CWE-89)"
    }
  ],
  "title": "Cybozu Garoon vulnerable to SQL injection"
}

jvndb-2018-000031
Vulnerability from jvndb
Published
2018-04-09 14:27
Modified
2018-06-14 14:33
Severity ?
Summary
Multiple vulnerabilities in Cybozu Garoon
Details
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.

* SQL injection in the application "Address" (CWE-89) - CVE-2018-0530
* Operation restriction bypass in the "Folder settings" (CWE-264) - CVE-2018-0531
* Operation restriction bypass in the setting of Login authentication (CWE-264) - CVE-2018-0532
* Operation restriction bypass in the setting of Session authentication (CWE-264) - CVE-2018-0533
* Browse restriction bypass in the application "Space" (CWE-264) - CVE-2018-0548
* Stored cross-site scripting in "Rich text" of the application "Message" (CWE-79) - CVE-2018-0549
* Browse restriction bypass in the application "Cabinet" (CWE-264) - CVE-2018-0550
* Stored cross-site scripting in "Rich text" of the application "Space" (CWE-79) - CVE-2018-0551

Cybozu, Inc. reported CVE-2018-0530, CVE-2018-0531, CVE-2018-0532, CVE-2018-0533 and CVE-2018-0548 vulnerabilities to JPCERT/CC to notify users of respective solutions through JVN.

Jun Kokatsu reported CVE-2018-0549 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.

ixama reported CVE-2018-0550 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.

Masato Kinugawa reported CVE-2018-0551 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000031.html",
  "dc:date": "2018-06-14T14:33+09:00",
  "dcterms:issued": "2018-04-09T14:27+09:00",
  "dcterms:modified": "2018-06-14T14:33+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n\r\n* SQL injection in the application \"Address\" (CWE-89) - CVE-2018-0530\r\n* Operation restriction bypass in the \"Folder settings\" (CWE-264) - CVE-2018-0531\r\n* Operation restriction bypass in the setting of Login authentication (CWE-264) - CVE-2018-0532\r\n* Operation restriction bypass in the setting of Session authentication (CWE-264) - CVE-2018-0533\r\n* Browse restriction bypass in the application \"Space\" (CWE-264) - CVE-2018-0548\r\n* Stored cross-site scripting in \"Rich text\" of the application \"Message\" (CWE-79) - CVE-2018-0549\r\n* Browse restriction bypass in the application \"Cabinet\" (CWE-264) - CVE-2018-0550\r\n* Stored cross-site scripting in \"Rich text\" of the application \"Space\" (CWE-79) - CVE-2018-0551\r\n\r\nCybozu, Inc. reported CVE-2018-0530, CVE-2018-0531, CVE-2018-0532, CVE-2018-0533 and CVE-2018-0548 vulnerabilities to JPCERT/CC to notify users of respective solutions through JVN.\r\n\r\nJun Kokatsu reported CVE-2018-0549 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nixama reported CVE-2018-0550 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nMasato Kinugawa reported CVE-2018-0551 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000031.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "6.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000031",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN65268217/index.html",
      "@id": "JVN#65268217",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0530",
      "@id": "CVE-2018-0530",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0531",
      "@id": "CVE-2018-0531",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0532",
      "@id": "CVE-2018-0532",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0533",
      "@id": "CVE-2018-0533",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0548",
      "@id": "CVE-2018-0548",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0549",
      "@id": "CVE-2018-0549",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0550",
      "@id": "CVE-2018-0550",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0551",
      "@id": "CVE-2018-0551",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0530",
      "@id": "CVE-2018-0530",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0531",
      "@id": "CVE-2018-0531",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0532",
      "@id": "CVE-2018-0532",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0533",
      "@id": "CVE-2018-0533",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0548",
      "@id": "CVE-2018-0548",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0549",
      "@id": "CVE-2018-0549",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0550",
      "@id": "CVE-2018-0550",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0551",
      "@id": "CVE-2018-0551",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-89",
      "@title": "SQL Injection(CWE-89)"
    }
  ],
  "title": "Multiple vulnerabilities in Cybozu Garoon"
}

jvndb-2017-000202
Vulnerability from jvndb
Published
2017-08-21 14:30
Modified
2018-02-14 12:25
Severity ?
Summary
Multiple vulnerabilities in Cybozu Garoon
Details
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
* Denial-of-service (DoS) vulnerability in the application menu's edit function (CWE-20) - CVE-2017-2254
* Stored cross-site scripting in the "Rich text" function of the application "Space" (CWE-79) - CVE-2017-2255
* Stored cross-site scripting in the "Rich text" function of the application "Memo" (CWE-79) - CVE-2017-2256
* Cross-site scripting in the mail function (CWE-79) - CVE-2017-2257
* Directory traversal in the Garoon SOAP API "WorkflowHandleApplications" (CWE-22) - CVE-2017-2258
Cybozu, Inc. reported CVE-2017-2258 vulnerability to JPCERT/CC to notify users of its solution through JVN.
Jun Kokatsu reported CVE-2017-2254 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
Masato Kinugawa reported CVE-2017-2255, CVE-2017-2256 and CVE-2017-2257 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000202.html",
  "dc:date": "2018-02-14T12:25+09:00",
  "dcterms:issued": "2017-08-21T14:30+09:00",
  "dcterms:modified": "2018-02-14T12:25+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. \r\n\r\n * Denial-of-service (DoS) vulnerability in the application menu\u0027s edit function (CWE-20) - CVE-2017-2254 \r\n * Stored cross-site scripting in the \"Rich text\" function of the application \"Space\" (CWE-79) - CVE-2017-2255\r\n * Stored cross-site scripting in the \"Rich text\" function of the application \"Memo\" (CWE-79) - CVE-2017-2256 \r\n * Cross-site scripting in the mail function (CWE-79) - CVE-2017-2257 \r\n * Directory traversal in the Garoon SOAP API \"WorkflowHandleApplications\" (CWE-22) - CVE-2017-2258 \r\n\r\nCybozu, Inc. reported CVE-2017-2258 vulnerability to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nJun Kokatsu reported CVE-2017-2254 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nMasato Kinugawa reported CVE-2017-2255, CVE-2017-2256 and CVE-2017-2257 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000202.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "5.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000202",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN63564682/index.html",
      "@id": "JVN#63564682",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2254",
      "@id": "CVE-2017-2254",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2255",
      "@id": "CVE-2017-2255",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2256",
      "@id": "CVE-2017-2256",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2257",
      "@id": "CVE-2017-2257",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2258",
      "@id": "CVE-2017-2258",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2254",
      "@id": "CVE-2017-2254",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2255",
      "@id": "CVE-2017-2255",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2256",
      "@id": "CVE-2017-2256",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2257",
      "@id": "CVE-2017-2257",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2258",
      "@id": "CVE-2017-2258",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple vulnerabilities in Cybozu Garoon"
}

jvndb-2017-000157
Vulnerability from jvndb
Published
2017-07-03 15:23
Modified
2018-02-07 11:52
Severity ?
Summary
Cybozu Garoon vulnerable to cross-site scripting
Details
Cybozu Garoon provided by Cybozu, Inc. contains a cross-site scripting vulnerability in the application menu. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000157.html",
  "dc:date": "2018-02-07T11:52+09:00",
  "dcterms:issued": "2017-07-03T15:23+09:00",
  "dcterms:modified": "2018-02-07T11:52+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains a cross-site scripting in the application menu.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000157.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "3.6",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000157",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN43534286/index.html",
      "@id": "JVN#43534286",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2146",
      "@id": "CVE-2017-2146",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2146",
      "@id": "CVE-2017-2146",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Cybozu Garoon vulnerable to cross-site scripting"
}

jvndb-2017-000155
Vulnerability from jvndb
Published
2017-07-03 15:22
Modified
2018-02-14 11:54
Severity ?
Summary
Cybozu Garoon fails to restrict access permission
Details
Cybozu Garoon provided by Cybozu, Inc. contains an improper access restriction. Jun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000155.html",
  "dc:date": "2018-02-14T11:54+09:00",
  "dcterms:issued": "2017-07-03T15:22+09:00",
  "dcterms:modified": "2018-02-14T11:54+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains an improper access restriction.\r\n\r\nJun Kokatsu of KDDI Singapore Dubai Branch reported vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000155.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "5.4",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000155",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN43534286/index.html",
      "@id": "JVN#43534286",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2144",
      "@id": "CVE-2017-2144",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2144",
      "@id": "CVE-2017-2144",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Cybozu Garoon fails to restrict access permission"
}

jvndb-2017-000156
Vulnerability from jvndb
Published
2017-07-03 15:22
Modified
2018-02-14 11:54
Severity ?
Summary
Cybozu Garoon vulnerable to session fixation
Details
Cybozu Garoon provided by Cybozu, Inc. contains a session fixation vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000156.html",
  "dc:date": "2018-02-14T11:54+09:00",
  "dcterms:issued": "2017-07-03T15:22+09:00",
  "dcterms:modified": "2018-02-14T11:54+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains a session fixation.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000156.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "5.4",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000156",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN43534286/index.html",
      "@id": "JVN#43534286",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2145",
      "@id": "CVE-2017-2145",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2145",
      "@id": "CVE-2017-2145",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Cybozu Garoon vulnerable to session fixation"
}

jvndb-2017-000030
Vulnerability from jvndb
Published
2017-02-20 15:40
Modified
2017-06-01 15:05
Severity ?
Summary
Cybozu Garoon vulnerable to information disclosure
Details
Cybozu Garoon provided by Cybozu, Inc. is a groupware product. Cybozu Garoon contains an information disclosure vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000030.html",
  "dc:date": "2017-06-01T15:05+09:00",
  "dcterms:issued": "2017-02-20T15:40+09:00",
  "dcterms:modified": "2017-06-01T15:05+09:00",
  "description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an information disclosure vulnerability.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000030.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000030",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN73182875/index.html",
      "@id": "JVN#73182875",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2093",
      "@id": "CVE-2017-2093",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2093",
      "@id": "CVE-2017-2093",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    }
  ],
  "title": "Cybozu Garoon vulnerable to information disclosure"
}

jvndb-2017-000031
Vulnerability from jvndb
Published
2017-02-20 15:40
Modified
2017-06-01 15:05
Severity ?
Summary
Cybozu Garoon fails to restrict access permission in Workflow and the function "MultiReport"
Details
Cybozu Garoon provided by Cybozu, Inc. is a groupware product. Cybozu Garoon contains an access restriction flaw in Workflow and the function "MultiReport". Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000031.html",
  "dc:date": "2017-06-01T15:05+09:00",
  "dcterms:issued": "2017-02-20T15:40+09:00",
  "dcterms:modified": "2017-06-01T15:05+09:00",
  "description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in Workflow and the function \"MultiReport\".\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000031.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000031",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN73182875/index.html",
      "@id": "JVN#73182875",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2094",
      "@id": "CVE-2017-2094",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2094",
      "@id": "CVE-2017-2094",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Cybozu Garoon fails to restrict access permission in Workflow and the function \"MultiReport\""
}

jvndb-2017-000032
Vulnerability from jvndb
Published
2017-02-20 15:40
Modified
2017-06-01 15:05
Severity ?
Summary
Cybozu Garoon fails to restrict access permission in the mail function
Details
Cybozu Garoon provided by Cybozu, Inc. is a groupware product. Cybozu Garoon contains an access restriction flaw in the mail function. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000032.html",
  "dc:date": "2017-06-01T15:05+09:00",
  "dcterms:issued": "2017-02-20T15:40+09:00",
  "dcterms:modified": "2017-06-01T15:05+09:00",
  "description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in the mail function.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000032.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000032",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN73182875/index.html",
      "@id": "JVN#73182875",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2095",
      "@id": "CVE-2017-2095",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2095",
      "@id": "CVE-2017-2095",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Cybozu Garoon fails to restrict access permission in the mail function"
}

jvndb-2017-000028
Vulnerability from jvndb
Published
2017-02-20 15:38
Modified
2017-06-01 15:05
Severity ?
Summary
Cybozu Garoon fails to restrict access permission in the Phone Messages function
Details
Cybozu Garoon provided by Cybozu, Inc. is a groupware product. Cybozu Garoon contains an access restriction flaw in the Phone Messages function. Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000028.html",
  "dc:date": "2017-06-01T15:05+09:00",
  "dcterms:issued": "2017-02-20T15:38+09:00",
  "dcterms:modified": "2017-06-01T15:05+09:00",
  "description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in the Phone Messages function\r\n\r\nYuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\nJPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000028.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000028",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN73182875/index.html",
      "@id": "JVN#73182875",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2091",
      "@id": "CVE-2017-2091",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2091",
      "@id": "CVE-2017-2091",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Cybozu Garoon fails to restrict access permission in the Phone Messages function"
}

jvndb-2017-000027
Vulnerability from jvndb
Published
2017-02-20 15:38
Modified
2017-06-01 15:05
Severity ?
Summary
Cybozu Garoon vulnerable to SQL injection
Details
Cybozu Garoon provided by Cybozu, Inc. is a groupware product. Cybozu Garoon contains an SQL injection vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000027.html",
  "dc:date": "2017-06-01T15:05+09:00",
  "dcterms:issued": "2017-02-20T15:38+09:00",
  "dcterms:modified": "2017-06-01T15:05+09:00",
  "description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an SQL injection vulnerability.\r\n\r\nCybozu, Inc. reported  this vulnerability to JPCERT/CC to notify users of its solution through JVN.\r\nJPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000027.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "6.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000027",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN73182875/index.html",
      "@id": "JVN#73182875",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2090",
      "@id": "CVE-2017-2090",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2090",
      "@id": "CVE-2017-2090",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-89",
      "@title": "SQL Injection(CWE-89)"
    }
  ],
  "title": "Cybozu Garoon vulnerable to SQL injection"
}

jvndb-2017-000029
Vulnerability from jvndb
Published
2017-02-20 15:38
Modified
2017-06-01 15:05
Severity ?
Summary
Cybozu Garoon vulnerable to cross-site scripting
Details
Cybozu Garoon provided by Cybozu, Inc. is a groupware product. Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000029.html",
  "dc:date": "2017-06-01T15:05+09:00",
  "dcterms:issued": "2017-02-20T15:38+09:00",
  "dcterms:modified": "2017-06-01T15:05+09:00",
  "description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a cross-site scripting.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.\r\nJPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000029.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "5.4",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000029",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN73182875/index.html",
      "@id": "JVN#73182875",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2092",
      "@id": "CVE-2017-2092",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2092",
      "@id": "CVE-2017-2092",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Cybozu Garoon vulnerable to cross-site scripting"
}

jvndb-2016-000226
Vulnerability from jvndb
Published
2016-12-19 14:38
Modified
2017-11-27 16:58
Severity ?
Summary
Cybozu Garoon fails to restrict access permission in To-Dos of Space function
Details
Cybozu Garoon provided by Cybozu, Inc. is a groupware product. Cybozu Garoon contains an access restriction flaw in To-Dos of Space function. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000226.html",
  "dc:date": "2017-11-27T16:58+09:00",
  "dcterms:issued": "2016-12-19T14:38+09:00",
  "dcterms:modified": "2017-11-27T16:58+09:00",
  "description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in To-Dos of Space function.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000226.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000226",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN14631222/index.html",
      "@id": "JVN#14631222",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7801",
      "@id": "CVE-2016-7801",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7801",
      "@id": "CVE-2016-7801",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Cybozu Garoon fails to restrict access permission in To-Dos of Space function"
}

jvndb-2016-000225
Vulnerability from jvndb
Published
2016-12-19 14:32
Modified
2017-11-27 16:58
Severity ?
Summary
Cybozu Garoon fails to restrict access permission in MultiReport filters
Details
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in MultiReport filters. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000225.html",
  "dc:date": "2017-11-27T16:58+09:00",
  "dcterms:issued": "2016-12-19T14:32+09:00",
  "dcterms:modified": "2017-11-27T16:58+09:00",
  "description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in MultiReport filters.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000225.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000225",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN14631222/index.html",
      "@id": "JVN#14631222",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4910",
      "@id": "CVE-2016-4910",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4910",
      "@id": "CVE-2016-4910",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Cybozu Garoon fails to restrict access permission in MultiReport filters"
}

jvndb-2016-000224
Vulnerability from jvndb
Published
2016-12-19 14:29
Modified
2017-11-27 16:58
Severity ?
Summary
Cybozu Garoon fails to restrict access permission in the RSS settings
Details
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in the RSS settings. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000224.html",
  "dc:date": "2017-11-27T16:58+09:00",
  "dcterms:issued": "2016-12-19T14:29+09:00",
  "dcterms:modified": "2017-11-27T16:58+09:00",
  "description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in the RSS settings.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000224.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000224",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN14631222/index.html",
      "@id": "JVN#14631222",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=VE-2016-4908",
      "@id": "CVE-2016-4908",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4908",
      "@id": "CVE-2016-4908",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Cybozu Garoon fails to restrict access permission in the RSS settings"
}

jvndb-2016-000229
Vulnerability from jvndb
Published
2016-12-19 14:19
Modified
2017-11-27 17:11
Severity ?
Summary
Cybozu Garoon vulnerable to SQL injection
Details
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an SQL injection vulnerability (CWE-89) due to an issue in the "MultiReport" function. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000229.html",
  "dc:date": "2017-11-27T17:11+09:00",
  "dcterms:issued": "2016-12-19T14:19+09:00",
  "dcterms:modified": "2017-11-27T17:11+09:00",
  "description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an SQL injection vulnerability (CWE-89) due to an issue in \"MultiReport\" function.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000229.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "6.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000229",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN17980240/index.html",
      "@id": "JVN#17980240",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7803",
      "@id": "CVE-2016-7803",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7803",
      "@id": "CVE-2016-7803",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-89",
      "@title": "SQL Injection(CWE-89)"
    }
  ],
  "title": "Cybozu Garoon vulnerable to SQL injection"
}