cvelistv5 - cve-2022-29484

cve-2022-29484

Vulnerability from cvelistv5

Published

2022-07-04 06:56

Modified

2024-08-03 06:26

Severity ?

Summary

Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.

References

▼	URL	Tags
	vultures@jpcert.or.jp	https://cs.cybozu.co.jp/2022/007429.html	Vendor Advisory
	vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN73897863/index.html	Third Party Advisory

Impacted products

▼	Vendor	Product
	Cybozu, Inc.	Cybozu Garoon

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:26:05.788Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cs.cybozu.co.jp/2022/007429.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN73897863/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Garoon",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "4.0.0 to 5.9.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Authorization",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-04T06:56:33",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cs.cybozu.co.jp/2022/007429.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN73897863/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-29484",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Garoon",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0.0 to 5.9.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cs.cybozu.co.jp/2022/007429.html",
              "refsource": "MISC",
              "url": "https://cs.cybozu.co.jp/2022/007429.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN73897863/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN73897863/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-29484",
    "datePublished": "2022-07-04T06:56:33",
    "dateReserved": "2022-04-28T00:00:00",
    "dateUpdated": "2024-08-03T06:26:05.788Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-29484\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2022-07-04T07:15:08.720\",\"lastModified\":\"2023-08-08T14:22:24.967\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de omisi\u00f3n de la restricci\u00f3n de operaci\u00f3n en Space de Cybozu Garoon versiones 4.0.0 a 5.9.0, permite a un atacante remoto autenticado borrar los datos de Space\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.5},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndIncluding\":\"5.9.0\",\"matchCriteriaId\":\"39603415-4A73-4DB7-B872-AEFC61EBA053\"}]}]}],\"references\":[{\"url\":\"https://cs.cybozu.co.jp/2022/007429.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN73897863/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

cve-2022-29484

Vulnerability from jvndb

Published

2022-05-16 14:25

Modified

2024-06-17 16:34

Severity ?

5.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Multiple vulnerabilities in Cybozu Garoon

Details

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. * [CyVDB-1584][CyVDB-2670] Operation restriction bypass vulnerability in Bulletin (CWE-285) - CVE-2022-28718 * [CyVDB-1865][CyVDB-2692] Operation restriction bypass vulnerability in Workflow (CWE-285) - CVE-2022-27661 * [CyVDB-2660] Improper input validation vulnerability in Space (CWE-20) - CVE-2022-29892 * [CyVDB-2667] Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2022-29513 * [CyVDB-2685] Browse restriction bypass vulnerability in Bulletin (CWE-284) - CVE-2022-29471 * [CyVDB-2689] Operation restriction bypass vulnerability in Portal (CWE-285) - CVE-2022-26051 * [CyVDB-2718] Improper input validation vulnerability in Scheduler (CWE-20) - CVE-2022-28692 * [CyVDB-2839] Improper input validation vulnerability in Space (CWE-20) - CVE-2022-27803 * [CyVDB-2841] Browse restriction bypass and operation restriction bypass vulnerability in Cabinet (CWE-285) - CVE-2022-26368 * [CyVDB-2889] Cross-site scripting vulnerability in Organization's Information (CWE-79) - CVE-2022-27627 * [CyVDB-2897] Operation restriction bypass vulnerability in Link (CWE-285) - CVE-2022-26054 * [CyVDB-2906] Improper input validation vulnerability in Link (CWE-20) - CVE-2022-27807 * [CyVDB-2932] Address information disclosure vulnerability (CWE-200) - CVE-2022-29467 * [CyVDB-2940] Improper authentication vulnerability in Scheduler (CWE-287) - CVE-2022-28713 * [CyVDB-3001] Operation restriction bypass vulnerability in Space (CWE-285) - CVE-2022-29484 * [CyVDB-2911] Browse restriction bypass vulnerability in Cabinet (CWE-284) - CVE-2022-31472 CVE-2022-27627 Masato Kinugawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. CVE-2022-26054, CVE-2022-26368, CVE-2022-31472 Yuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN. CVE-2022-26051, CVE-2022-27661, CVE-2022-27803, CVE-2022-27807, CVE-2022-28692, CVE-2022-28713, CVE-2022-28718, CVE-2022-29467, CVE-2022-29471, CVE-2022-29484, CVE-2022-29513, CVE-2022-29892 Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

References

▼	Type	URL
	JVN	http://jvn.jp/en/jp/JVN73897863/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26051
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26054
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26368
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27627
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27661
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27803
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27807
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28692
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28713
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28718
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29467
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29471
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29484
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29513
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29892
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-31472
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-26051
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-26054
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-26368
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-27627
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-27661
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-27803
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-27807
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-28692
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-28713
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-28718
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-29467
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-29471
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-29484
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-29513
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-29892
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-31472
	Improper Input Validation(CWE-20)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Information Exposure(CWE-200)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Improper Authentication(CWE-287)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000035.html",
  "dc:date": "2024-06-17T16:34+09:00",
  "dcterms:issued": "2022-05-16T14:25+09:00",
  "dcterms:modified": "2024-06-17T16:34+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n\r\n* [CyVDB-1584][CyVDB-2670] Operation restriction bypass vulnerability in Bulletin (CWE-285) - CVE-2022-28718\r\n* [CyVDB-1865][CyVDB-2692] Operation restriction bypass vulnerability in Workflow (CWE-285) - CVE-2022-27661\r\n* [CyVDB-2660] Improper input validation vulnerability in Space (CWE-20) - CVE-2022-29892\r\n* [CyVDB-2667] Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2022-29513\r\n* [CyVDB-2685] Browse restriction bypass vulnerability in Bulletin (CWE-284) - CVE-2022-29471\r\n* [CyVDB-2689] Operation restriction bypass vulnerability in Portal (CWE-285) - CVE-2022-26051\r\n* [CyVDB-2718] Improper input validation vulnerability in Scheduler (CWE-20) - CVE-2022-28692\r\n* [CyVDB-2839] Improper input validation vulnerability in Space (CWE-20) - CVE-2022-27803\r\n* [CyVDB-2841] Browse restriction bypass and operation restriction bypass vulnerability in Cabinet (CWE-285) - CVE-2022-26368\r\n* [CyVDB-2889] Cross-site scripting vulnerability in Organization\u0027s Information (CWE-79) - CVE-2022-27627\r\n* [CyVDB-2897] Operation restriction bypass vulnerability in Link (CWE-285) - CVE-2022-26054\r\n* [CyVDB-2906] Improper input validation vulnerability in Link (CWE-20) - CVE-2022-27807\r\n* [CyVDB-2932] Address information disclosure vulnerability (CWE-200) - CVE-2022-29467\r\n* [CyVDB-2940] Improper authentication vulnerability in Scheduler (CWE-287) - CVE-2022-28713\r\n* [CyVDB-3001] Operation restriction bypass vulnerability in Space (CWE-285) - CVE-2022-29484\r\n* [CyVDB-2911] Browse restriction bypass vulnerability in Cabinet (CWE-284) - CVE-2022-31472\r\n\r\nCVE-2022-27627\r\nMasato Kinugawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nCVE-2022-26054, CVE-2022-26368, CVE-2022-31472\r\nYuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2022-26051, CVE-2022-27661, CVE-2022-27803, CVE-2022-27807, CVE-2022-28692, CVE-2022-28713, CVE-2022-28718, CVE-2022-29467, CVE-2022-29471, CVE-2022-29484, CVE-2022-29513, CVE-2022-29892\r\nCybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000035.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "5.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "5.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2022-000035",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN73897863/index.html",
      "@id": "JVN#73897863",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26051",
      "@id": "CVE-2022-26051",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26054",
      "@id": "CVE-2022-26054",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26368",
      "@id": "CVE-2022-26368",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27627",
      "@id": "CVE-2022-27627",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27661",
      "@id": "CVE-2022-27661",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27803",
      "@id": "CVE-2022-27803",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27807",
      "@id": "CVE-2022-27807",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28692",
      "@id": "CVE-2022-28692",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28713",
      "@id": "CVE-2022-28713",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28718",
      "@id": "CVE-2022-28718",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29467",
      "@id": "CVE-2022-29467",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29471",
      "@id": "CVE-2022-29471",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29484",
      "@id": "CVE-2022-29484",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29513",
      "@id": "CVE-2022-29513",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29892",
      "@id": "CVE-2022-29892",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-31472",
      "@id": "CVE-2022-31472",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-26051",
      "@id": "CVE-2022-26051",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-26054",
      "@id": "CVE-2022-26054",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-26368",
      "@id": "CVE-2022-26368",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-27627",
      "@id": "CVE-2022-27627",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-27661",
      "@id": "CVE-2022-27661",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-27803",
      "@id": "CVE-2022-27803",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-27807",
      "@id": "CVE-2022-27807",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-28692",
      "@id": "CVE-2022-28692",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-28713",
      "@id": "CVE-2022-28713",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-28718",
      "@id": "CVE-2022-28718",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29467",
      "@id": "CVE-2022-29467",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29471",
      "@id": "CVE-2022-29471",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29484",
      "@id": "CVE-2022-29484",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29513",
      "@id": "CVE-2022-29513",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29892",
      "@id": "CVE-2022-29892",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-31472",
      "@id": "CVE-2022-31472",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-287",
      "@title": "Improper Authentication(CWE-287)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in Cybozu Garoon"
}

gsd-2022-29484

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.

Aliases

CVE-2022-29484

Aliases

CVE-2022-29484

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-29484",
    "description": "Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.",
    "id": "GSD-2022-29484"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-29484"
      ],
      "details": "Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.",
      "id": "GSD-2022-29484",
      "modified": "2023-12-13T01:19:41.770144Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2022-29484",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cybozu Garoon",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "4.0.0 to 5.9.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cybozu, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper Authorization"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cs.cybozu.co.jp/2022/007429.html",
            "refsource": "MISC",
            "url": "https://cs.cybozu.co.jp/2022/007429.html"
          },
          {
            "name": "https://jvn.jp/en/jp/JVN73897863/index.html",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/jp/JVN73897863/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.9.0",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-29484"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-863"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cs.cybozu.co.jp/2022/007429.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://cs.cybozu.co.jp/2022/007429.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN73897863/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN73897863/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2022-07-12T14:48Z",
      "publishedDate": "2022-07-04T07:15Z"
    }
  }
}

ghsa-4pwp-c93m-vr3q

Vulnerability from github

Published

2022-07-05 00:00

Modified

2022-07-13 00:01

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Details

Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-29484"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-04T07:15:00Z",
    "severity": "HIGH"
  },
  "details": "Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.",
  "id": "GHSA-4pwp-c93m-vr3q",
  "modified": "2022-07-13T00:01:53Z",
  "published": "2022-07-05T00:00:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29484"
    },
    {
      "type": "WEB",
      "url": "https://cs.cybozu.co.jp/2022/007429.html"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN73897863/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Action not permitted

cve-2022-29484

Vulnerability from cvelistv5

cve-2022-29484

Vulnerability from jvndb

gsd-2022-29484

Vulnerability from gsd

ghsa-4pwp-c93m-vr3q

Vulnerability from github

Tags