CVSS2
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |

CVSS3
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

EPSS Percentile: 41.4%

Cybozu Garoon, provided by Cybozu, Inc., contains the multiple vulnerabilities listed below.
SQL injection in the application “Address” (CWE-89) - CVE-2018-0530
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | Base Score: 6.5 |
CVSS v2 | AV:N/AC:L/Au:S/C:P/I:N/A:N | Base Score: 4.0 |
Operation restriction bypass in the “Folder settings” (CWE-264) - CVE-2018-0531
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | Base Score: 5.4 |
CVSS v2 | AV:N/AC:L/Au:S/C:P/I:P/A:N | Base Score: 5.5 |
Operation restriction bypass in the setting of Login authentication (CWE-264) - CVE-2018-0532
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H | Base Score: 5.9 |
CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:P | Base Score: 4.9 |
Operation restriction bypass in the setting of Session authentication (CWE-264) - CVE-2018-0533
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H | Base Score: 4.4 |
CVSS v2 | AV:N/AC:M/Au:S/C:N/I:N/A:P | Base Score: 3.5 |
Browse restriction bypass in the application “Space” (CWE-264) - CVE-2018-0548
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:M/Au:S/C:P/I:N/A:N | Base Score: 3.5 |
Stored cross-site scripting in “Rich text” of the application “Message” (CWE-79) - CVE-2018-0549
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4 |
CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | Base Score: 3.5 |
Browse restriction bypass in the application “Cabinet” (CWE-264) - CVE-2018-0550
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:M/Au:S/C:P/I:N/A:N | Base Score: 3.5 |
Stored cross-site scripting in “Rich text” of the application “Space” (CWE-79) - CVE-2018-0551
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4 |
CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | Base Score: 3.5 |
Update the Software
Update to the latest version according to the information provided by the developer.
[Updated on 2018 May 31]
The developer states that the CVE-2018-0551 vulnerability was only partially addressed, so the issue still remains.
According to the developer, the issue is under investigation and a complete fix for this vulnerability is to be released in the future, but the release schedule has not yet been determined.