Refine your search
5 vulnerabilities found for GroupSession by Japan Total System Co.,Ltd.
jvndb-2025-000113
Vulnerability from jvndb
Published
2025-12-08 17:48
Modified
2025-12-11 11:30
Severity ?
Summary
Multiple vulnerabilities in GroupSession
Details
GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below.
<ul><li>Stored cross-site scripting (CWE-79) - CVE-2025-53523</li>
<li>Stored cross-site scripting (CWE-79) - CVE-2025-54407</li>
<li>Reflected cross-site scripting (CWE-79) - CVE-2025-57883</li>
<li>Cross-site request forgery (CWE-352) - CVE-2025-58576</li>
<li>Authorization bypass through user-controlled key (CWE-639) - CVE-2025-61950</li>
<li>Missing origin validation in webSockets (CWE-1385) - CVE-2025-61987</li><li>SQL injection (CWE-89) - CVE-2025-62192</li>
<li>Initialization of a resource with an insecure default (CWE-1188) - CVE-2025-64781</li>
<li>This can be exploited only when External page display restriction is set as "Do not limit", as in the initial configurationReflected cross-site scripting (CWE-79) - CVE-2025-65120</li>
<li>Stored cross-site scripting (CWE-79) - CVE-2025-66284</li></ul>
The following people reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2025-53523
Reporter: Shogo Iyota of GMO Cybersecurity by Ierae
Gaku Mochizuki, Tsutomu Aramaki, and Taiga Shirakura of Mitsui Bussan Secure Directions, Inc.
Natsumi Furukawa
CVE-2025-54407
Reporter: Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.
CVE-2025-57883
Reporter: Tsuyuki Takumi of Mitsui Bussan Secure Directions, Inc.
Ryo Sato
CVE-2025-58576
Reporter: Tsuyuki Takumi, Kenta Yamamoto, and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.
Shogo Iyota of GMO Cybersecurity by Ierae
CVE-2025-61950
Reporter: Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc.
CVE-2025-61987
Reporter: Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.
CVE-2025-62192
Gaku Mochizuki and Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc.
CVE-2025-64781
Reporter: Ryo Sato
CVE-2025-65120
Reporter: Kentaro Ishii of GMO Cybersecurity by Ierae, Inc.
Shiga Takuma of BroadBand Security, Inc.
CVE-2025-66284
Reporter: Kentaro Ishii of GMO Cybersecurity by Ierae, Inc.
KOJIRO ENOKIDA
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000113.html",
"dc:date": "2025-12-11T11:30+09:00",
"dcterms:issued": "2025-12-08T17:48+09:00",
"dcterms:modified": "2025-12-11T11:30+09:00",
"description": "GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eStored cross-site scripting (CWE-79) - CVE-2025-53523\u003c/li\u003e\r\n\u003cli\u003eStored cross-site scripting (CWE-79) - CVE-2025-54407\u003c/li\u003e\r\n\u003cli\u003eReflected cross-site scripting (CWE-79) - CVE-2025-57883\u003c/li\u003e\r\n\u003cli\u003eCross-site request forgery (CWE-352) - CVE-2025-58576\u003c/li\u003e\r\n\u003cli\u003eAuthorization bypass through user-controlled key (CWE-639) - CVE-2025-61950\u003c/li\u003e\r\n\u003cli\u003eMissing origin validation in webSockets (CWE-1385) - CVE-2025-61987\u003c/li\u003e\u003cli\u003eSQL injection (CWE-89) - CVE-2025-62192\u003c/li\u003e\r\n\u003cli\u003eInitialization of a resource with an insecure default (CWE-1188) - CVE-2025-64781\u003c/li\u003e\r\n\u003cli\u003eThis can be exploited only when External page display restriction is set as \"Do not limit\", as in the initial configurationReflected cross-site scripting (CWE-79) - CVE-2025-65120\u003c/li\u003e\r\n\u003cli\u003eStored cross-site scripting (CWE-79) - CVE-2025-66284\u003c/li\u003e\u003c/ul\u003e\r\nThe following people reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2025-53523\r\nReporter: Shogo Iyota of GMO Cybersecurity by Ierae\r\n Gaku Mochizuki, Tsutomu Aramaki, and Taiga Shirakura of Mitsui Bussan Secure Directions, Inc.\r\n Natsumi Furukawa\r\n\r\nCVE-2025-54407\r\nReporter: Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.\r\n\r\nCVE-2025-57883\r\nReporter: Tsuyuki Takumi of Mitsui Bussan Secure Directions, Inc.\r\n Ryo Sato\r\n\r\nCVE-2025-58576\r\nReporter: Tsuyuki Takumi, Kenta Yamamoto, and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.\r\n Shogo Iyota of GMO Cybersecurity by Ierae\r\n\r\nCVE-2025-61950\r\nReporter: Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc.\r\n\r\nCVE-2025-61987\r\nReporter: Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.\r\n\r\nCVE-2025-62192\r\nGaku Mochizuki and Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc.\r\n\r\nCVE-2025-64781\r\nReporter: Ryo Sato\r\n\r\nCVE-2025-65120\r\nReporter: Kentaro Ishii of GMO Cybersecurity by Ierae, Inc.\r\n Shiga Takuma of BroadBand Security, Inc.\r\n\r\nCVE-2025-66284\r\nReporter: Kentaro Ishii of GMO Cybersecurity by Ierae, Inc.\r\n KOJIRO ENOKIDA",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000113.html",
"sec:cpe": {
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000113",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN19940619/index.html",
"@id": "JVN#19940619",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-53523",
"@id": "CVE-2025-53523",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-54407",
"@id": "CVE-2025-54407",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-57883",
"@id": "CVE-2025-57883",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-58576",
"@id": "CVE-2025-58576",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-61950",
"@id": "CVE-2025-61950",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-61987",
"@id": "CVE-2025-61987",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-62192",
"@id": "CVE-2025-62192",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-64781",
"@id": "CVE-2025-64781",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-65120",
"@id": "CVE-2025-65120",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-66284",
"@id": "CVE-2025-66284",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in GroupSession"
}
jvndb-2021-000111
Vulnerability from jvndb
Published
2021-12-20 14:53
Modified
2021-12-21 14:20
Severity ?
Summary
Multiple vulnerabilities in GroupSession
Details
GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below.
*Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2021-20874
*Open redirect (CWE-601) - CVE-2021-20875
*Path Traversal (CWE-22) - CVE-2021-20876
CVE-2021-20874
TAKUMA SHIGA reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20875, CVE-2021-20876
Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000111.html",
"dc:date": "2021-12-21T14:20+09:00",
"dcterms:issued": "2021-12-20T14:53+09:00",
"dcterms:modified": "2021-12-21T14:20+09:00",
"description": "GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below.\r\n\r\n*Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2021-20874\r\n*Open redirect (CWE-601) - CVE-2021-20875\r\n*Path Traversal (CWE-22) - CVE-2021-20876\r\n\r\nCVE-2021-20874\r\nTAKUMA SHIGA reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20875, CVE-2021-20876\r\nTsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000111.html",
"sec:cpe": {
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000111",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN79798166/index.html",
"@id": "JVN#79798166",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2021-20874",
"@id": "CVE-2021-20874",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2021-20875",
"@id": "CVE-2021-20875",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2021-20876",
"@id": "CVE-2021-20876",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20874",
"@id": "CVE-2021-20874",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20875",
"@id": "CVE-2021-20875",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20876",
"@id": "CVE-2021-20876",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in GroupSession"
}
jvndb-2021-000070
Vulnerability from jvndb
Published
2021-07-19 15:41
Modified
2023-03-08 17:02
Severity ?
Summary
Multiple vulnerabilities in GroupSession
Details
GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below.
*Cross-site scripting vulnerability (CWE-79) - CVE-2021-20785
*Cross-site request forgery (CWE-352) - CVE-2021-20786
*Cross-site scripting vulnerability (CWE-79) - CVE-2021-20787
*Sever-side request forgery (CWE-918) - CVE-2021-20788
*Open redirect (CWE-601) - CVE-2021-20789
CVE-2021-20785, CVE-2021-20786
ASAI Ken reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20787, CVE-2021-20788, CVE-2021-20789
Ryo Sato of BroadBand Security,Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000070.html",
"dc:date": "2023-03-08T17:02+09:00",
"dcterms:issued": "2021-07-19T15:41+09:00",
"dcterms:modified": "2023-03-08T17:02+09:00",
"description": "GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below.\r\n*Cross-site scripting vulnerability (CWE-79) - CVE-2021-20785\r\n*Cross-site request forgery (CWE-352) - CVE-2021-20786\r\n*Cross-site scripting vulnerability (CWE-79) - CVE-2021-20787\r\n*Sever-side request forgery (CWE-918) - CVE-2021-20788\r\n*Open redirect (CWE-601) - CVE-2021-20789\r\n\r\nCVE-2021-20785, CVE-2021-20786\r\nASAI Ken reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20787, CVE-2021-20788, CVE-2021-20789\r\nRyo Sato of BroadBand Security,Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000070.html",
"sec:cpe": [
{
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000070",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN86026700/index.html",
"@id": "JVN#86026700",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20785",
"@id": "CVE-2021-20785",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20786",
"@id": "CVE-2021-20786",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20787",
"@id": "CVE-2021-20787",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20788",
"@id": "CVE-2021-20788",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20789",
"@id": "CVE-2021-20789",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20785",
"@id": "CVE-2021-20785",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20786",
"@id": "CVE-2021-20786",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20787",
"@id": "CVE-2021-20787",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20788",
"@id": "CVE-2021-20788",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20789",
"@id": "CVE-2021-20789",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in GroupSession"
}
jvndb-2018-000003
Vulnerability from jvndb
Published
2018-01-19 14:19
Modified
2018-04-11 11:37
Severity ?
Summary
GroupSession vulnerable to open redirect
Details
GroupSession provided by Japan Total System Co.,Ltd. is an open source groupware. GroupSession contains an open redirect vulnerability (CWE-601).
Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000003.html",
"dc:date": "2018-04-11T11:37+09:00",
"dcterms:issued": "2018-01-19T14:19+09:00",
"dcterms:modified": "2018-04-11T11:37+09:00",
"description": "GroupSession provided by Japan Total System Co.,Ltd. is an open source groupware. GroupSession contains an open redirect vulnerability (CWE-601).\r\n\r\nNorihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000003.html",
"sec:cpe": {
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000003",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN26200083/index.html",
"@id": "JVN#26200083",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2166",
"@id": "CVE-2017-2166",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2166",
"@id": "CVE-2017-2166",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "GroupSession vulnerable to open redirect"
}
jvndb-2017-000089
Vulnerability from jvndb
Published
2017-05-25 14:14
Modified
2018-01-24 11:59
Severity ?
Summary
GroupSession fails to restrict access permissions
Details
GroupSession provided by Japan Total System Co.,Ltd. is open source groupware. GroupSession fails to restrict access permissions.
Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000089.html",
"dc:date": "2018-01-24T11:59+09:00",
"dcterms:issued": "2017-05-25T14:14+09:00",
"dcterms:modified": "2018-01-24T11:59+09:00",
"description": "GroupSession provided by Japan Total System Co.,Ltd. is open source groupware. GroupSession fails to restrict access permissions.\r\n\r\nNorihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000089.html",
"sec:cpe": {
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000089",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN42164352/index.html",
"@id": "JVN#42164352",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2165",
"@id": "CVE-2017-2165",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2165",
"@id": "CVE-2017-2165",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "GroupSession fails to restrict access permissions"
}