Lucene search

K
jvnJapan Vulnerability NotesJVN:75990997
HistoryJul 15, 2014 - 12:00 a.m.

JVN#75990997: Cybozu Garoon vulnerable to access restriction bypass

2014-07-1500:00:00
Japan Vulnerability Notes
jvn.jp
17

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

EPSS

0.001

Percentile

44.6%

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function “Portlets”, which may result in an access restriction bypass vulnerability (CWE-264).

Impact

Portlets may be altered by another Cybozu Garoon user.

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Products Affected

  • Cybozu Garoon 2.0.0 to 3.7 Service Pack 3

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

EPSS

0.001

Percentile

44.6%

Related for JVN:75990997