CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS
Percentile
54.9%
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the process of downloading files.
A user who can log in to the product may obtain files on the server.
For Cybozu Garoon 3.7:
Apply the Patch
Apply the appropriate patch according to the information provided by the developer.
For Cybozu Garoon 3.5 and earlier and Cybozu Garoon 2.5.4 and earlier:
Update the Software and apply the patch
Update to the latest version, and then apply the appropriate patch according to the information provided by the developer.