Lucene search

JpcertCVE-2016-1190

HistoryJun 25, 2016 - 9:59 p.m.

CVE-2016-1190

2016-06-2521:59:02

CWE-284

jpcert

web.nvd.nist.gov

cybozu garoon

cve-2016-1190

multireport

security

restriction bypass

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

0.002

Percentile

51.8%

JSON

Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.

Affected configurations

Nvd

Node

cybozugaroonMatch3.1.0

cybozugaroonMatch3.1.1

cybozugaroonMatch3.1.2

cybozugaroonMatch3.1.3

cybozugaroonMatch3.5.0

cybozugaroonMatch3.5.1

cybozugaroonMatch3.5.2

cybozugaroonMatch3.5.3

cybozugaroonMatch3.5.4

cybozugaroonMatch3.5.5

cybozugaroonMatch3.7.0

cybozugaroonMatch3.7.1

cybozugaroonMatch3.7.2

cybozugaroonMatch3.7.3

cybozugaroonMatch3.7.4

cybozugaroonMatch3.7.5

cybozugaroonMatch4.0.0

cybozugaroonMatch4.0.1

cybozugaroonMatch4.0.2

cybozugaroonMatch4.0.3

cybozugaroonMatch4.2.0

VendorProductVersionCPE
cybozugaroon3.1.0cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*
cybozugaroon3.1.1cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*
cybozugaroon3.1.2cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*
cybozugaroon3.1.3cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*
cybozugaroon3.5.0cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*
cybozugaroon3.5.1cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*
cybozugaroon3.5.2cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*
cybozugaroon3.5.3cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*
cybozugaroon3.5.4cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*
cybozugaroon3.5.5cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cybozu	garoon	3.1.0	cpe:2.3:a:cybozu:garoon:3.1.0:::::::*
cybozu	garoon	3.1.1	cpe:2.3:a:cybozu:garoon:3.1.1:::::::*
cybozu	garoon	3.1.2	cpe:2.3:a:cybozu:garoon:3.1.2:::::::*
cybozu	garoon	3.1.3	cpe:2.3:a:cybozu:garoon:3.1.3:::::::*
cybozu	garoon	3.5.0	cpe:2.3:a:cybozu:garoon:3.5.0:::::::*
cybozu	garoon	3.5.1	cpe:2.3:a:cybozu:garoon:3.5.1:::::::*
cybozu	garoon	3.5.2	cpe:2.3:a:cybozu:garoon:3.5.2:::::::*
cybozu	garoon	3.5.3	cpe:2.3:a:cybozu:garoon:3.5.3:::::::*
cybozu	garoon	3.5.4	cpe:2.3:a:cybozu:garoon:3.5.4:::::::*
cybozu	garoon	3.5.5	cpe:2.3:a:cybozu:garoon:3.5.5:::::::*

Rows per page:

1-10 of 211

References

jvn.jp/en/jp/JVN18975349/index.html

jvndb.jvn.jp/jvndb/JVNDB-2016-000094

garoon.cybozu.co.jp/support/update/package/421sp1.html#03

support.cybozu.com/ja-jp/article/8877

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

0.002

Percentile

51.8%

JSON

Related for CVE-2016-1190