CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 17.8%
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
Improper handling of data in Mail (CWE-231): CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H, Base Score 4.9, CVE-2024-31397, CyVDB-3167
Improper restriction on the output of some API (CWE-201): CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, Base Score 4.3, CVE-2024-31398, CyVDB-3221
Excessive resource consumption in Mail (CWE-1050): CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L, Base Score 4.3, CVE-2024-31399, CyVDB-3238
Cross-site scripting vulnerability in Scheduler (CWE-79): CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N, Base Score 6.9, CVE-2024-31401, CyVDB-3439
Improper restriction on some operation in Shared To-Dos (CWE-863): CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, Base Score 4.3, CVE-2024-31402, CyVDB-3441
Information disclosure in Mail (CWE-201): CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N, Base Score 4.3, CVE-2024-31400, CyVDB-3402
Improper restriction on browsing and operation in Memo (CWE-863): CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N, Base Score 5.4, CVE-2024-31403, CyVDB-3151
Browse restriction bypass in Scheduler (CWE-201): CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, Base Score 4.3, CVE-2024-31404, CyVDB-3471
Update the Software
Update the software to the latest version according to the information provided by the developer.
CVE-2024-31397, CVE-2024-31398, CVE-2024-31399, CVE-2024-31401, CVE-2024-31402: Cybozu Garoon 5.0.0 to 5.15.2
CVE-2024-31400: Cybozu Garoon 5.0.0 to 5.15.0
CVE-2024-31403: Cybozu Garoon 5.0.0 to 6.0.0
CVE-2024-31404: Cybozu Garoon 5.5.0 to 6.0.0