github - ghsa-mqj4-fwgj-pw46

ghsa-mqj4-fwgj-pw46

Vulnerability from github

Published

2022-05-13 01:44

Modified

2022-05-13 01:44

Severity

4.3 (Medium) - CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-2091"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-28T16:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.",
  "id": "GHSA-mqj4-fwgj-pw46",
  "modified": "2022-05-13T01:44:42Z",
  "published": "2022-05-13T01:44:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2091"
    },
    {
      "type": "WEB",
      "url": "https://support.cybozu.com/ja-jp/article/9570"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN73182875/index.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96429"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2017-2091

Vulnerability from cvelistv5

Published

2017-04-28 16:00

Modified

2024-08-05 13:39

Severity

Summary

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.

References

URL	Tags
https://support.cybozu.com/ja-jp/article/9570	x_refsource_MISC
http://jvn.jp/en/jp/JVN73182875/index.html	third-party-advisory, x_refsource_JVN
http://www.securityfocus.com/bid/96429	vdb-entry, x_refsource_BID

Impacted products

Vendor	Product
Cybozu, Inc.	Cybozu Garoon

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:32.243Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/9570"
          },
          {
            "name": "JVN#73182875",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN73182875/index.html"
          },
          {
            "name": "96429",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96429"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Garoon",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.0 to 4.2.3"
            }
          ]
        }
      ],
      "datePublic": "2017-04-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Fails to restrict access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-01T09:57:02",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/9570"
        },
        {
          "name": "JVN#73182875",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN73182875/index.html"
        },
        {
          "name": "96429",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96429"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2091",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Garoon",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.0.0 to 4.2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Fails to restrict access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.cybozu.com/ja-jp/article/9570",
              "refsource": "MISC",
              "url": "https://support.cybozu.com/ja-jp/article/9570"
            },
            {
              "name": "JVN#73182875",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN73182875/index.html"
            },
            {
              "name": "96429",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96429"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2017-2091",
    "datePublished": "2017-04-28T16:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:39:32.243Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.