Lucene search

[email protected]CVE-2014-1996

HistoryJul 20, 2014 - 11:12 a.m.

CVE-2014-1996

2014-07-2011:12:49

CWE-264

[email protected]

web.nvd.nist.gov

cve-2014-1996

cybozu garoon

access restriction bypass

api call

remote code execution

denial of service

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.5%

JSON

Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call.

Affected configurations

NVD

Node

cybozugaroonMatch3.7sp1

cybozugaroonMatch3.7sp2

cybozugaroonMatch3.7sp3

cybozugaroonMatch3.7.0

CPENameOperatorVersion
cybozu:garooncybozu garooneq3.7
cybozu:garooncybozu garooneq3.7.0

CPE	Name	Operator	Version
cybozu:garoon	cybozu garoon	eq	3.7
cybozu:garoon	cybozu garoon	eq	3.7.0

References

cs.cybozu.co.jp/information/gr20140714up01.php

jvn.jp/en/jp/JVN31082531/index.html

jvndb.jvn.jp/jvndb/JVNDB-2014-000074

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.5%

JSON

Related for CVE-2014-1996

prion1 cvelist1 nvd1 jvn1