jvndb-2016-000094
Vulnerability from jvndb
Published
2016-05-30 16:18
Modified
2016-06-28 17:01
Severity
Summary
Cybozu Garoon function "MultiReport" vulnerable to access restriction bypass
Details
Cybozu Garoon is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability in the function "MultiReport".
Yuji Tounai of NTT Com Security (Japan) KK reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
References
Impacted products
Vendor | Product |
---|---|
Cybozu, Inc. | Cybozu Garoon |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000094.html", "dc:date": "2016-06-28T17:01+09:00", "dcterms:issued": "2016-05-30T16:18+09:00", "dcterms:modified": "2016-06-28T17:01+09:00", "description": "Cybozu Garoon is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability in the function \"MultiReport\".\r\n\r\nYuji Tounai of NTT Com Security (Japan) KK reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.", "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000094.html", "sec:cpe": { "#text": "cpe:/a:cybozu:garoon", "@product": "Cybozu Garoon", "@vendor": "Cybozu, Inc.", "@version": "2.2" }, "sec:cvss": [ { "@score": "4.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "@version": "2.0" }, { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "@version": "3.0" } ], "sec:identifier": "JVNDB-2016-000094", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN18975349/index.html", "@id": "JVN#18975349", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1190", "@id": "CVE-2016-1190", "@source": "CVE" }, { "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1190", "@id": "CVE-2016-1190", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-264", "@title": "Permissions(CWE-264)" } ], "title": "Cybozu Garoon function \"MultiReport\" vulnerable to access restriction bypass" }
Loading...