[Japanese]

JVNDB-2006-000651

Cybozu products vulnerable to directory traversal

Overview

Multiple Cybozu products contain a directory traversal vulnerability.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single Instance
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


Cybozu, Inc.
  • Cybozu AG 1.2 (1.4) and earlier
  • Cybozu AG Pocket 5.2 (0.7) and earlier
  • Cybozu Garoon File Management Server 1.0(0.6) and earlier
  • Cybozu Garoon Billboard Server 1.0(0.6) and earlier
  • Cybozu Garoon Facility Reservation Server 1.0(0.6) and earlier
  • Cybozu Garoon Workflow 1.0 (1.0) and earlier
  • Cybozu Garoon Centralized Management System 1.5(4.0) and earlier
  • Cybozu Collaborex 1.5 (0.5) and earlier
  • Cybozu Mailwise 3.0 (0.2) and earlier

Impact

A remote authenticated attacker could read an arbitrary file on the server. The files that can be viewed by an attacker depend on the environment where the Cybozu products are installed.
Solution

Vendor Information

Cybozu, Inc.
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2006-4491
References

  1. JVN : JVN#90420168
  2. National Vulnerability Database (NVD) : CVE-2006-4491
  3. Secunia Advisory : SA21656
  4. SecurityTracker : 1016759
  5. OPEN SOURCE VULNERABILITY DATABASE (OSVDB) : 28262
Revision History

  • [2008/05/21]
      Web page published