cvelistv5 - cve-2019-5942

cve-2019-5942

Vulnerability from cvelistv5

Published

2019-05-17 15:25

Modified

2024-08-04 20:09

Severity ?

Summary

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'.

References

▼	URL	Tags
	vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN58849431/index.html	Third Party Advisory
	vultures@jpcert.or.jp	https://kb.cybozu.support/article/35485/	Vendor Advisory

Impacted products

▼	Vendor	Product
	Cybozu, Inc.	Cybozu Garoon

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:09:23.980Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/35485/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Garoon",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "4.0.0 to 4.10.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application \u0027Cabinet\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Fails to restrict access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-17T15:25:55",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/35485/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2019-5942",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Garoon",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0.0 to 4.10.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application \u0027Cabinet\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Fails to restrict access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://jvn.jp/en/jp/JVN58849431/index.html",
              "refsource": "MISC",
              "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/35485/",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/35485/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2019-5942",
    "datePublished": "2019-05-17T15:25:55",
    "dateReserved": "2019-01-10T00:00:00",
    "dateUpdated": "2024-08-04T20:09:23.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-5942\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2019-05-17T16:29:04.847\",\"lastModified\":\"2020-08-24T17:37:01.140\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application \u0027Cabinet\u0027.\"},{\"lang\":\"es\",\"value\":\"Cybozu Garoon 4.0.0 a 4.10.1 permite a los atacantes remotos autenticados eludir  el Access Restriction para obtener archivos sin privilegios de acceso por medio de la funci\u00f3n Multiple Files Download de la aplicaci\u00f3n \u0027Cabinet\u0027.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndIncluding\":\"4.10.1\",\"matchCriteriaId\":\"61297B3F-396E-42C4-BEC1-041207A7EBC2\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN58849431/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kb.cybozu.support/article/35485/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

cve-2019-5942

Vulnerability from jvndb

Published

2019-04-25 17:13

Modified

2023-11-08 16:39

Severity ?

6.0 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

Summary

Multiple vulnerabilities in Cybozu Garoon

Details

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. * Cross-site scripting in the additional processing of Customize Item function (CWE-79) - CVE-2019-5928 * Cross-site scripting in the application "Memo" (CWE-79) - CVE-2019-5929 * Browse restriction bypass in the application "Management of Basic System" (CWE-264) - CVE-2019-5930 * Improper verification of file path in installer (CWE-20) - CVE-2019-5931 * Stored cross-site scripting in the application "Portal" (CWE-79) - CVE-2019-5932 * Browse restriction bypass in the application "Bulletin" (CWE-284) - CVE-2019-5933 * SQL injection in the Log Search function of application "logging" (CWE-89) - CVE-2019-5934 * Operation restriction bypass in the Item function of User Information (CWE-264) - CVE-2019-5935 * Directory traversal in the application "Work Flow" (CWE-22) - CVE-2019-5936 * Cross-site scripting in the user information (CWE-79) - CVE-2019-5937 * Stored cross-site scripting in the application "Mail" (CWE-79) - CVE-2019-5938 * Cross-site scripting in the application "Portal" (CWE-79) - CVE-2019-5939 * Cross-site scripting in the application "Scheduler" (CWE-79) - CVE-2019-5940 * Operation restriction bypass in the application "Multi Report" (CWE-264) - CVE-2019-5941 * Browse restriction bypass in the Multiple Files Download function of application "Cabinet" (CWE-284) - CVE-2019-5942 * Browse restriction bypass in the application "Bulletin" and the application "Cabinet" (CWE-284) - CVE-2019-5943 * Operation restriction bypass in the application "Address" (CWE-264) - CVE-2019-5944 * Information disclosure in the authentication of Cybozu Garoon (CWE-287) - CVE-2019-5945 * Open redirect in the Login Screen (CWE-601) - CVE-2019-5946 * Cross-site scripting in the application "Cabinet" (CWE-79) - CVE-2019-5947 * Server-side request forgery in the V-CUBE Meeting function (CWE-918) - CVE-2020-5562 Cybozu, Inc. reported the following vulnerabilities to JPCERT/CC to notify users of the solution through JVN. * CVE-2019-5928, CVE-2019-5930, CVE-2019-5931, CVE-2019-5932, CVE-2019-5935, CVE-2019-5936, CVE-2019-5942 and CVE-2019-5947 by Cybozu, Inc. * CVE-2019-5929, CVE-2019-5937, CVE-2019-5938, CVE-2019-5939 and CVE-2019-5940 by Masato Kinugawa * CVE-2019-5933, CVE-2019-5941 and CVE-2019-5946 by Yuji Tounai * CVE-2019-5934 and CVE-2019-5945 by Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. * CVE-2019-5943 by ixama * CVE-2019-5944 by Tanghaifeng * CVE-2020-5562 by Kanta Nishitani

References

▼	Type	URL
	JVN	https://jvn.jp/en/jp/JVN58849431/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2020-5562
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5928
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5929
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5930
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5931
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5932
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5933
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5934
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5935
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5936
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5937
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5938
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5939
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5940
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5941
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5942
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5943
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5944
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5945
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5946
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5947
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5928
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5929
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5930
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5931
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5932
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5933
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5934
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5935
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5936
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5937
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5938
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5939
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5940
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5941
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5942
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5943
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5944
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5945
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5946
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5947
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-5562
	Improper Input Validation(CWE-20)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Information Exposure(CWE-200)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Path Traversal(CWE-22)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	SQL Injection(CWE-89)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000023.html",
  "dc:date": "2023-11-08T16:39+09:00",
  "dcterms:issued": "2019-04-25T17:13+09:00",
  "dcterms:modified": "2023-11-08T16:39+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. \r\n\r\n* Cross-site scripting in the additional processing of Customize Item function (CWE-79) - CVE-2019-5928\r\n* Cross-site scripting in the application \"Memo\" (CWE-79) - CVE-2019-5929\r\n* Browse restriction bypass in the application \"Management of Basic System\" (CWE-264) - CVE-2019-5930\r\n* Improper verification of file path in installer (CWE-20) - CVE-2019-5931\r\n* Stored cross-site scripting in the application \"Portal\" (CWE-79) - CVE-2019-5932\r\n* Browse restriction bypass in the application \"Bulletin\" (CWE-284) - CVE-2019-5933\r\n* SQL injection in the Log Search function of application \"logging\" (CWE-89) - CVE-2019-5934\r\n* Operation restriction bypass in the Item function of User Information (CWE-264) - CVE-2019-5935\r\n* Directory traversal in the application \"Work Flow\" (CWE-22) - CVE-2019-5936\r\n* Cross-site scripting in the user information (CWE-79) - CVE-2019-5937\r\n* Stored cross-site scripting in the application \"Mail\" (CWE-79) - CVE-2019-5938\r\n* Cross-site scripting in the application \"Portal\" (CWE-79) - CVE-2019-5939\r\n* Cross-site scripting in the application \"Scheduler\" (CWE-79) - CVE-2019-5940\r\n* Operation restriction bypass in the application \"Multi Report\" (CWE-264) - CVE-2019-5941\r\n* Browse restriction bypass in the Multiple Files Download function of application \"Cabinet\" (CWE-284) - CVE-2019-5942\r\n* Browse restriction bypass in the application \"Bulletin\" and the application \"Cabinet\" (CWE-284) - CVE-2019-5943\r\n* Operation restriction bypass in the application \"Address\" (CWE-264) - CVE-2019-5944\r\n* Information disclosure in the authentication of Cybozu Garoon (CWE-287) - CVE-2019-5945\r\n* Open redirect in the Login Screen (CWE-601) - CVE-2019-5946\r\n* Cross-site scripting in the application \"Cabinet\" (CWE-79) - CVE-2019-5947\r\n* Server-side request forgery in the V-CUBE Meeting function (CWE-918) - CVE-2020-5562\r\n\r\nCybozu, Inc. reported the following vulnerabilities to JPCERT/CC to notify users of the solution through JVN.\r\n\r\n* CVE-2019-5928, CVE-2019-5930, CVE-2019-5931, CVE-2019-5932, CVE-2019-5935, CVE-2019-5936, CVE-2019-5942 and CVE-2019-5947 by Cybozu, Inc.\r\n* CVE-2019-5929, CVE-2019-5937, CVE-2019-5938, CVE-2019-5939 and CVE-2019-5940 by Masato Kinugawa\r\n* CVE-2019-5933, CVE-2019-5941 and CVE-2019-5946 by Yuji Tounai\r\n* CVE-2019-5934 and CVE-2019-5945 by Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.\r\n* CVE-2019-5943 by ixama\r\n* CVE-2019-5944 by Tanghaifeng\r\n* CVE-2020-5562 by Kanta Nishitani",
  "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000023.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "6.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "6.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2019-000023",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN58849431/index.html",
      "@id": "JVN#58849431",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2020-5562",
      "@id": "CVE-2020-5562",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5928",
      "@id": "CVE-2019-5928",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5929",
      "@id": "CVE-2019-5929",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5930",
      "@id": "CVE-2019-5930",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5931",
      "@id": "CVE-2019-5931",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5932",
      "@id": "CVE-2019-5932",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5933",
      "@id": "CVE-2019-5933",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5934",
      "@id": "CVE-2019-5934",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5935",
      "@id": "CVE-2019-5935",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5936",
      "@id": "CVE-2019-5936",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5937",
      "@id": "CVE-2019-5937",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5938",
      "@id": "CVE-2019-5938",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5939",
      "@id": "CVE-2019-5939",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5940",
      "@id": "CVE-2019-5940",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5941",
      "@id": "CVE-2019-5941",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5942",
      "@id": "CVE-2019-5942",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5943",
      "@id": "CVE-2019-5943",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5944",
      "@id": "CVE-2019-5944",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5945",
      "@id": "CVE-2019-5945",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5946",
      "@id": "CVE-2019-5946",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5947",
      "@id": "CVE-2019-5947",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5928",
      "@id": "CVE-2019-5928",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5929",
      "@id": "CVE-2019-5929",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5930",
      "@id": "CVE-2019-5930",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5931",
      "@id": "CVE-2019-5931",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5932",
      "@id": "CVE-2019-5932",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5933",
      "@id": "CVE-2019-5933",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5934",
      "@id": "CVE-2019-5934",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5935",
      "@id": "CVE-2019-5935",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5936",
      "@id": "CVE-2019-5936",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5937",
      "@id": "CVE-2019-5937",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5938",
      "@id": "CVE-2019-5938",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5939",
      "@id": "CVE-2019-5939",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5940",
      "@id": "CVE-2019-5940",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5941",
      "@id": "CVE-2019-5941",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5942",
      "@id": "CVE-2019-5942",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5943",
      "@id": "CVE-2019-5943",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5944",
      "@id": "CVE-2019-5944",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5945",
      "@id": "CVE-2019-5945",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5946",
      "@id": "CVE-2019-5946",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5947",
      "@id": "CVE-2019-5947",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5562",
      "@id": "CVE-2020-5562",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-89",
      "@title": "SQL Injection(CWE-89)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in Cybozu Garoon"
}

gsd-2019-5942

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2019-5942

Aliases

CVE-2019-5942

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-5942",
    "description": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application \u0027Cabinet\u0027.",
    "id": "GSD-2019-5942"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-5942"
      ],
      "details": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application \u0027Cabinet\u0027.",
      "id": "GSD-2019-5942",
      "modified": "2023-12-13T01:23:54.839005Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2019-5942",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cybozu Garoon",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "4.0.0 to 4.10.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cybozu, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application \u0027Cabinet\u0027."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Fails to restrict access"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://jvn.jp/en/jp/JVN58849431/index.html",
            "refsource": "MISC",
            "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
          },
          {
            "name": "https://kb.cybozu.support/article/35485/",
            "refsource": "MISC",
            "url": "https://kb.cybozu.support/article/35485/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.10.1",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2019-5942"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application \u0027Cabinet\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.cybozu.support/article/35485/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kb.cybozu.support/article/35485/"
            },
            {
              "name": "http://jvn.jp/en/jp/JVN58849431/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-05-17T16:29Z"
    }
  }
}

ghsa-j88r-3c3q-h5jh

Vulnerability from github

Published

2022-05-24 16:46

Modified

2022-05-24 16:46

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-5942"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-17T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application \u0027Cabinet\u0027.",
  "id": "GHSA-j88r-3c3q-h5jh",
  "modified": "2022-05-24T16:46:04Z",
  "published": "2022-05-24T16:46:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5942"
    },
    {
      "type": "WEB",
      "url": "https://kb.cybozu.support/article/35485"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Action not permitted

cve-2019-5942

Vulnerability from cvelistv5

cve-2019-5942

Vulnerability from jvndb

gsd-2019-5942

Vulnerability from gsd

ghsa-j88r-3c3q-h5jh

Vulnerability from github

Tags