CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS
Percentile
52.4%
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
[CyVDB-1584][CyVDB-2670] Operation restriction bypass vulnerability in Bulletin (CWE-285) - CVE-2022-28718
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
[CyVDB-1865][CyVDB-2692] Operation restriction bypass vulnerability in Workflow (CWE-285) - CVE-2022-27661
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
[CyVDB-2660] Improper input validation vulnerability in Space (CWE-20) - CVE-2022-29892
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:N/A:P | Base Score: 4.0 |
[CyVDB-2667] Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2022-29513
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | Base Score: 4.8 |
CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | Base Score: 3.5 |
[CyVDB-2685] Browse restriction bypass vulnerability in Bulletin (CWE-284) - CVE-2022-29471
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:P/I:N/A:N | Base Score: 4.0 |
[CyVDB-2689] Operation restriction bypass vulnerability in Portal (CWE-285) - CVE-2022-26051
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
[CyVDB-2718] Improper input validation vulnerability in Scheduler (CWE-20) - CVE-2022-28692
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
[CyVDB-2839] Improper input validation vulnerability in Space (CWE-20) - CVE-2022-27803
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
[CyVDB-2841] Browse restriction bypass and operation restriction bypass vulnerability in Cabinet (CWE-285) - CVE-2022-26368
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | Base Score: 5.4 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
[CyVDB-2889] Cross-site scripting vulnerability in Organization’s Information (CWE-79) - CVE-2022-27627
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
CVSS v2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | Base Score: 4.3 |
[CyVDB-2897] Operation restriction bypass vulnerability in Link (CWE-285) - CVE-2022-26054
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
[CyVDB-2906] Improper input validation vulnerability in Link (CWE-20) - CVE-2022-27807
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:N/A:P | Base Score: 4.0 |
[CyVDB-2932] Address information disclosure vulnerability (CWE-200) - CVE-2022-29467
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:P/I:N/A:N | Base Score: 4.0 |
[CyVDB-2940] Improper authentication vulnerability in Scheduler (CWE-287) - CVE-2022-28713
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Base Score: 5.3 |
CVSS v2 | AV:N/AC:L/Au:N/C:P/I:N/A:N | Base Score: 5.0 |
[CyVDB-3001] Operation restriction bypass vulnerability in Space (CWE-285) - CVE-2022-29484
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
[CyVDB-2911] Browse restriction bypass vulnerability in Cabinet (CWE-284) - CVE-2022-31472
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:P/I:N/A:N | Base Score: 4.0 |
Update the Software
Update to the latest version according to the information provided by the developer.
[CyVDB-1584], [CyVDB-1865], [CyVDB-2670], [CyVDB-2660], [CyVDB-2689], [CyVDB-2692], [CyVDB-2718], [CyVDB-2839], [CyVDB-2841], [CyVDB-2897], [CyVDB-2906], [CyVDB-2911]
Cybozu Garoon 4.0.0 to 5.5.1
[CyVDB-2667]、[CyVDB-2940]
Cybozu Garoon 4.10.0 to 5.5.1
[CyVDB-2685]
Cybozu Garoon 4.6.0 to 5.9.0
[CyVDB-2889]
Cybozu Garoon 4.10.2 to 5.5.1
[CyVDB-2932]
Cybozu Garoon 4.2.0 to 5.5.1
[CyVDB-3001]
Cybozu Garoon 4.0.0 to 5.9.0
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS
Percentile
52.4%