Lucene search

JpcertCVE-2016-4908

HistoryJun 09, 2017 - 4:29 p.m.

CVE-2016-4908

2017-06-0916:29:00

CWE-284

jpcert

web.nvd.nist.gov

cybozu garoon

cve-2016-4908

remote attack

authenticated attack

access restriction bypass

rss settings

security vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.6

Confidence

High

EPSS

0.002

Percentile

52.1%

JSON

Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user’s private RSS settings via unspecified vectors.

Affected configurations

Nvd

Vulners

Node

cybozugaroonMatch3.0.0

cybozugaroonMatch3.0.1

cybozugaroonMatch3.0.2

cybozugaroonMatch3.0.3

cybozugaroonMatch3.1.0

cybozugaroonMatch3.1.1

cybozugaroonMatch3.1.2

cybozugaroonMatch3.1.3

cybozugaroonMatch3.5.0

cybozugaroonMatch3.5.1

cybozugaroonMatch3.5.2

cybozugaroonMatch3.5.3

cybozugaroonMatch3.5.4

cybozugaroonMatch3.5.5

cybozugaroonMatch3.7.0

cybozugaroonMatch3.7.1

cybozugaroonMatch3.7.2

cybozugaroonMatch3.7.3

cybozugaroonMatch3.7.4

cybozugaroonMatch3.7.5

cybozugaroonMatch4.0.0

cybozugaroonMatch4.0.1

cybozugaroonMatch4.0.2

cybozugaroonMatch4.0.3

cybozugaroonMatch4.2.0

cybozugaroonMatch4.2.1

cybozugaroonMatch4.2.2

VendorProductVersionCPE
cybozugaroon3.0.0cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*
cybozugaroon3.0.1cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*
cybozugaroon3.0.2cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*
cybozugaroon3.0.3cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*
cybozugaroon3.1.0cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*
cybozugaroon3.1.1cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*
cybozugaroon3.1.2cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*
cybozugaroon3.1.3cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*
cybozugaroon3.5.0cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*
cybozugaroon3.5.1cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cybozu	garoon	3.0.0	cpe:2.3:a:cybozu:garoon:3.0.0:::::::*
cybozu	garoon	3.0.1	cpe:2.3:a:cybozu:garoon:3.0.1:::::::*
cybozu	garoon	3.0.2	cpe:2.3:a:cybozu:garoon:3.0.2:::::::*
cybozu	garoon	3.0.3	cpe:2.3:a:cybozu:garoon:3.0.3:::::::*
cybozu	garoon	3.1.0	cpe:2.3:a:cybozu:garoon:3.1.0:::::::*
cybozu	garoon	3.1.1	cpe:2.3:a:cybozu:garoon:3.1.1:::::::*
cybozu	garoon	3.1.2	cpe:2.3:a:cybozu:garoon:3.1.2:::::::*
cybozu	garoon	3.1.3	cpe:2.3:a:cybozu:garoon:3.1.3:::::::*
cybozu	garoon	3.5.0	cpe:2.3:a:cybozu:garoon:3.5.0:::::::*
cybozu	garoon	3.5.1	cpe:2.3:a:cybozu:garoon:3.5.1:::::::*

Rows per page:

1-10 of 271

CNA Affected

[
  {
    "product": "Cybozu Garoon",
    "vendor": "Cybozu, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "3.0.0 to 4.2.2"
      }
    ]
  }
]

References

www.securityfocus.com/bid/94966

www.securityfocus.com/bid/97912

jvn.jp/en/jp/JVN14631222/index.html

support.cybozu.com/ja-jp/article/9399

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.6

Confidence

High

EPSS

0.002

Percentile

52.1%

JSON

Related for CVE-2016-4908