CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
EPSS
Percentile
73.9%
Cybozu Garoon is a groupware. Cybozu Garoon contains multiple PHP code execution vulnerabilities.
[CyVDB-863] Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code, [CyVDB-867] Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code (CVE-2015-5646) [CyVDB-866] Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code in RSS Reader function (CVE-2015-5647) For more details, refer to the information provided by the developer.
An authenticated attacker may execute arbitrary PHP code on the application server.
Apply the Patch
Apply the appropriate patch according to the information provided by the developer.
[Added on May 30, 2016]
Update the Software
The developer has released the version that contains a fix for this vulnerability.
Update to the latest version according to the information provided by the developer.