CVE-2014-0817
Vulnerability from cvelistv5
Published
2014-02-27 01:00
Modified
2024-08-06 09:27
Severity ?
Summary
Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors.
References
vultures@jpcert.or.jphttp://cs.cybozu.co.jp/information/gr20140225up03.phpVendor Advisory
vultures@jpcert.or.jphttp://jvn.jp/en/jp/JVN24035499/index.html
vultures@jpcert.or.jphttp://jvndb.jvn.jp/jvndb/JVNDB-2014-000021
vultures@jpcert.or.jphttps://support.cybozu.com/ja-jp/article/7992Patch, Vendor Advisory
Impacted products
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:20.176Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cs.cybozu.co.jp/information/gr20140225up03.php"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/7992"
          },
          {
            "name": "JVNDB-2014-000021",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000021"
          },
          {
            "name": "JVN#24035499",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN24035499/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-02-27T00:57:00",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cs.cybozu.co.jp/information/gr20140225up03.php"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/7992"
        },
        {
          "name": "JVNDB-2014-000021",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000021"
        },
        {
          "name": "JVN#24035499",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN24035499/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2014-0817",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://cs.cybozu.co.jp/information/gr20140225up03.php",
              "refsource": "CONFIRM",
              "url": "http://cs.cybozu.co.jp/information/gr20140225up03.php"
            },
            {
              "name": "https://support.cybozu.com/ja-jp/article/7992",
              "refsource": "CONFIRM",
              "url": "https://support.cybozu.com/ja-jp/article/7992"
            },
            {
              "name": "JVNDB-2014-000021",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000021"
            },
            {
              "name": "JVN#24035499",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN24035499/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2014-0817",
    "datePublished": "2014-02-27T01:00:00",
    "dateReserved": "2014-01-06T00:00:00",
    "dateUpdated": "2024-08-06T09:27:20.176Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-0817\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2014-02-27T01:55:03.507\",\"lastModified\":\"2014-02-27T17:08:54.437\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Cybozu Garoon 2.x hasta 2.5.4 y 3.x hasta 3.7 SP3 no maneja debidamente las sesiones, lo que permite a usuarios remotos autenticados suplantar usuarios arbitrarios a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.9},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF71E37E-908E-438A-9743-BB5D25ED5F1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"18567DE5-3254-468E-9584-32C9418DAA53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*\",\"matchCriteriaId\":\"5251D9B4-DEDB-4D99-97D3-3900E8F5EE38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2084B74-113F-4B42-85F7-602592BBBFA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1556F99E-1609-44FF-83F0-F43FBDE738A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"348C389E-ADFD-4D2C-AA54-220664EA2755\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48F3F19B-25A7-4E9E-9961-1F7C8DBC0327\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08AE0E10-87A4-4862-A873-A943F44A9862\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C88D773E-B6DE-4FD2-A911-0D13C6CA902C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C846A750-F26E-4F1F-85A3-F95BCC9F8A3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E139B6A-2F36-4EB5-BA1F-84D67C89E935\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7189699-5D46-483A-BF12-092BD32C74E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"96F3B195-B10D-4ABA-A5F3-E242C7C0BA85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"33042DF3-CA82-4474-946F-EEF080C14D24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"360867B7-354F-4253-8A97-571121BF43D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F585001-37C9-42F5-8B13-56827E6AC785\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47FD3F43-9ECA-4815-8BDC-B9DAC07E9400\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F5F2D43-8B67-4D84-94AF-262F6D66F2B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"277403E7-3CD9-458C-9669-FB983FF94568\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27E24A5C-C425-493F-B557-07265251EFD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC455565-5C7F-47A6-9664-4FD82F8EADDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C29786F-C1CE-4716-BD3B-71BFD5D53311\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F28FB567-BAB5-49DD-9A88-60A242BDD81C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"91374D4F-F981-4FE5-8B83-DE4E5DDD29D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC3404D5-E57D-4714-852A-28410DA9C4C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24E8134C-DE8A-452D-A211-05A09D5FCD74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1631C311-CBBA-483A-ABF1-27C8ECEC798B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5274D0F4-ED8A-4CA9-9FAC-EB66148C01DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF4BB645-2C78-4EAB-B4A1-B3166E1E05DF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"299E9A6F-1DF1-406E-B3EB-BAD21392E569\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"57BBC64D-CC0A-4989-916B-8F96AE194283\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACACBF0A-0108-4B38-84C6-71505A3777AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9204845-9463-420E-AF52-92BC557C288F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"091F5390-9ADF-49D9-83E1-BFD523CD03FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3462F9A-A4CA-4622-9614-D1D94797EA32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"64C1B9B8-14DF-4195-A130-BE4103292125\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A63ACA4-BF92-4CB3-B078-5BA85478593D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71CECA0B-D131-45A7-8D6C-E45EF0F09CF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"76EB8EC8-D968-408D-A0F2-14164F515C3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0166440-4223-4ED5-9C55-0B2CBAEFF196\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFCFB357-293D-49CD-8090-FBD687F97D4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"63FA07F5-2085-4EE1-9BCB-2F9D0713014F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:3.5:sp5:*:*:*:*:*:*\",\"matchCriteriaId\":\"F47A9F1D-E966-4BEE-AD2D-8DA23B848825\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B16589DC-22D2-466A-B2D7-85E20A82B8B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:3.7:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0121310-1C8A-4F3E-9C0C-B8EA37907C7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:3.7:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE55E26D-AC2D-4384-97BC-090737F2D100\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:3.7:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B042AA50-E923-4C84-8A94-85479A59F652\"}]}]}],\"references\":[{\"url\":\"http://cs.cybozu.co.jp/information/gr20140225up03.php\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://jvn.jp/en/jp/JVN24035499/index.html\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000021\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://support.cybozu.com/ja-jp/article/7992\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.