jvndb - jvndb-2016-000094

jvndb-2016-000094

Vulnerability from jvndb

Published

2016-05-30 16:18

Modified

2016-06-28 17:01

Severity

4.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

Cybozu Garoon function "MultiReport" vulnerable to access restriction bypass

Details

Cybozu Garoon is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability in the function "MultiReport". Yuji Tounai of NTT Com Security (Japan) KK reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.

References

Type	URL
JVN	https://jvn.jp/en/jp/JVN18975349/index.html
CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1190
NVD	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1190
Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor	Product
Cybozu, Inc.	Cybozu Garoon

Show details on JVN DB website

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000094.html",
  "dc:date": "2016-06-28T17:01+09:00",
  "dcterms:issued": "2016-05-30T16:18+09:00",
  "dcterms:modified": "2016-06-28T17:01+09:00",
  "description": "Cybozu Garoon is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability in the function \"MultiReport\".\r\n\r\nYuji Tounai of NTT Com Security (Japan) KK reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000094.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000094",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN18975349/index.html",
      "@id": "JVN#18975349",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1190",
      "@id": "CVE-2016-1190",
      "@source": "CVE"
    },
    {
      "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1190",
      "@id": "CVE-2016-1190",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Cybozu Garoon function \"MultiReport\" vulnerable to access restriction bypass"
}

cve-2016-1190

Vulnerability from cvelistv5

Published

2016-06-25 21:00

Modified

2024-08-05 22:48

Severity

Summary

Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.

References

URL	Tags
https://support.cybozu.com/ja-jp/article/8877	x_refsource_CONFIRM
http://jvn.jp/en/jp/JVN18975349/index.html	third-party-advisory, x_refsource_JVN
https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03	x_refsource_CONFIRM
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000094	third-party-advisory, x_refsource_JVNDB

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:48:13.496Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/8877"
          },
          {
            "name": "JVN#18975349",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN18975349/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
          },
          {
            "name": "JVNDB-2016-000094",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000094"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-06-25T21:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/8877"
        },
        {
          "name": "JVN#18975349",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN18975349/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
        },
        {
          "name": "JVNDB-2016-000094",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000094"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2016-1190",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.cybozu.com/ja-jp/article/8877",
              "refsource": "CONFIRM",
              "url": "https://support.cybozu.com/ja-jp/article/8877"
            },
            {
              "name": "JVN#18975349",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN18975349/index.html"
            },
            {
              "name": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03",
              "refsource": "CONFIRM",
              "url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
            },
            {
              "name": "JVNDB-2016-000094",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000094"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2016-1190",
    "datePublished": "2016-06-25T21:00:00",
    "dateReserved": "2015-12-26T00:00:00",
    "dateUpdated": "2024-08-05T22:48:13.496Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.