JVNDB-2018-000031

Multiple vulnerabilities in Cybozu Garoon

Overview

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.

* SQL injection in the application "Address" (CWE-89) - CVE-2018-0530
* Operation restriction bypass in the "Folder settings" (CWE-264) - CVE-2018-0531
* Operation restriction bypass in the setting of Login authentication (CWE-264) - CVE-2018-0532
* Operation restriction bypass in the setting of Session authentication (CWE-264) - CVE-2018-0533
* Browse restriction bypass in the application "Space" (CWE-264) - CVE-2018-0548
* Stored cross-site scripting in "Rich text" of the application "Message" (CWE-79) - CVE-2018-0549
* Browse restriction bypass in the application "Cabinet" (CWE-264) - CVE-2018-0550
* Stored cross-site scripting in "Rich text" of the application "Space" (CWE-79) - CVE-2018-0551

Cybozu, Inc. reported the CVE-2018-0530, CVE-2018-0531, CVE-2018-0532, CVE-2018-0533 and CVE-2018-0548 vulnerabilities to JPCERT/CC in order to notify users of the respective solutions through JVN.

Jun Kokatsu reported the CVE-2018-0549 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC in order to notify users of its solution through JVN.

ixama reported the CVE-2018-0550 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC in order to notify users of its solution through JVN.

Masato Kinugawa reported the CVE-2018-0551 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC in order to notify users of its solution through JVN.

CVSS Severity

CVSS V3 Severity:
Base Metrics: 6.5 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics: 4.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single Instance
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2018-0530


CVSS V3 Severity:
Base Metrics: 5.4 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics: 5.5 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2018-0531


CVSS V3 Severity:
Base Metrics: 5.9 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics: 4.9 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: Single
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2018-0532


CVSS V3 Severity:
Base Metrics: 4.4 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics: 3.5 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: Single
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2018-0533


CVSS V3 Severity:
Base Metrics: 4.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics: 3.5 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: Single
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2018-0548


CVSS V3 Severity:
Base Metrics: 5.4 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics: 3.5 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: Single
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2018-0549


CVSS V3 Severity:
Base Metrics: 4.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics: 3.5 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: Single
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2018-0550


CVSS V3 Severity:
Base Metrics: 5.4 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics: 3.5 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: Single
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2018-0551

Affected Products


Cybozu, Inc.
  • Cybozu Garoon 3.5.0 to 4.2.6 (CVE-2018-0530)
  • Cybozu Garoon 3.0.0 to 4.2.6 (CVE-2018-0531, CVE-2018-0532, CVE-2018-0533)
  • Cybozu Garoon 4.0.0 to 4.6.0 (CVE-2018-0548)
  • Cybozu Garoon 3.0.0 to 4.6.0 (CVE-2018-0549)
  • Cybozu Garoon 3.5.0 to 4.6.1 (CVE-2018-0550)
  • Cybozu Garoon 3.0.0 to 4.6.1 (CVE-2018-0551)

Impact

* A user who can log in to the product may obtain information stored in the database. - CVE-2018-0530

* A user with operational administrative privileges for 1 or more folders may view or alter the access privileges and/or notification settings of a folder. - CVE-2018-0531

* A user who can log in to the product with administrative privileges may alter setting data of the Standard database. - CVE-2018-0532

* A user who can log in to the product with administrative privileges may alter setting data of session authentication. - CVE-2018-0533

* A user who can log in to the product may view the closed title of "Space". - CVE-2018-0548

* An arbitrary script may be executed on the logged-in user's web browser. - CVE-2018-0549, CVE-2018-0551

* A user who can log in to the product may view the folder names without appropriate privileges. - CVE-2018-0550

Solution

[Update the Software]
Update to the latest version according to the information provided by the developer.

[Updated on 2018 May 31]
The developer states that the CVE-2018-0551 vulnerability was only partially addressed, so the issue still remains.
According to the developer, it is under investigation and a complete fix for this vulnerability is to be released in the future, but the release schedule has not been determined yet.

Vendor Information

Cybozu, Inc.

CWE

  1. Permissions (CWE-264) [IPA Evaluation]
  2. Cross-site Scripting (CWE-79) [IPA Evaluation]
  3. SQL Injection (CWE-89) [IPA Evaluation]

CVE

  1. CVE-2018-0530
  2. CVE-2018-0531
  3. CVE-2018-0532
  4. CVE-2018-0533
  5. CVE-2018-0548
  6. CVE-2018-0549
  7. CVE-2018-0550
  8. CVE-2018-0551

References

  1. JVN : JVN#65268217
  2. National Vulnerability Database (NVD) : CVE-2018-0530
  3. National Vulnerability Database (NVD) : CVE-2018-0531
  4. National Vulnerability Database (NVD) : CVE-2018-0532
  5. National Vulnerability Database (NVD) : CVE-2018-0533
  6. National Vulnerability Database (NVD) : CVE-2018-0548
  7. National Vulnerability Database (NVD) : CVE-2018-0549
  8. National Vulnerability Database (NVD) : CVE-2018-0550
  9. National Vulnerability Database (NVD) : CVE-2018-0551

Revision History

  • [2018/04/09]
      Web page was published
  • [2018/04/09]
      Affected Products : Product version was modified
  • [2018/05/31]
      Solution was modified
  • [2018/06/14]
      References : Contents were added