JVNDB-2023-000049
|
Multiple vulnerabilities in Cybozu Garoon
|
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
* [CyVDB-3122] Denial-of-service (DoS) in Message (CWE-400) - CVE-2023-26595
* [CyVDB-3142] Operation restriction bypass vulnerability in Message and Bulletin (CWE-285) - CVE-2023-27304
* [CyVDB-3165] Operation restriction bypass vulnerability in MultiReport (CWE-284) - CVE-2023-27384
CVE-2023-27384:
Yuji Tounai reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
CVE-2023-26595, CVE-2023-27304:
Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
|
CVSS V3 Severity: Base Metrics 5.0 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
CVSS V2 Severity: Base Metrics 4.0 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: Single Instance
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2023-26595
|
CVSS V3 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
CVSS V2 Severity:
Base Metrics 4.0 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: Single
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-27304
|
CVSS V3 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
CVSS V2 Severity:
Base Metrics 4.0 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: Single
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-27384
|
Cybozu, Inc.
- Cybozu Garoon 4.10.0 to 5.9.2 [CyVDB-3122]
- Cybozu Garoon 4.6.0 to 5.9.2 [CyVDB-3142]
- Cybozu Garoon 5.15.0 [CyVDB-3165]
|
* [CyVDB-3122]:
A user who can log in to the product may be able to cause a denial-of-service (DoS) condition.
* [CyVDB-3142]:
A user who can log in to the product may alter the data of Message and/or Bulletin.
* [CyVDB-3165]:
A user who can log in to the product may alter the data of MultiReport.
|
[Update the Software]
Update the software to the latest version according to the information provided by the developer.
|
Cybozu, Inc.
|
- Permissions (CWE-264) [IPA Evaluation]
- No Mapping (CWE-Other) [IPA Evaluation]
|
- CVE-2023-26595
- CVE-2023-27304
- CVE-2023-27384
|
- JVN : JVN#41694426
- National Vulnerability Database (NVD) : CVE-2023-26595
- National Vulnerability Database (NVD) : CVE-2023-27304
- National Vulnerability Database (NVD) : CVE-2023-27384
|
- [2023/05/15]
Web page was published
- [2024/05/24]
References : Contents were added
|