Lucene search

JpcertCVE-2024-31398

HistoryJun 11, 2024 - 6:15 a.m.

CVE-2024-31398

2024-06-1106:15:10

jpcert

web.nvd.nist.gov

cybozu garoon

sensitive information

data insertion

vulnerability

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

Percentile

14.7%

JSON

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.

Affected configurations

Nvd

Vulners

Node

cybozugaroonRange5.0.0–5.15.2

VendorProductVersionCPE
cybozugaroon*cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cybozu	garoon	*	cpe:2.3:a:cybozu:garoon::::::::

CNA Affected

[
  {
    "vendor": "Cybozu, Inc.",
    "product": "Cybozu Garoon",
    "versions": [
      {
        "version": "5.0.0 to 5.15.2",
        "status": "affected"
      }
    ]
  }
]

References

cs.cybozu.co.jp/2024/007901.html

jvn.jp/en/jp/JVN28869536/

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

Percentile

14.7%

JSON

Related for CVE-2024-31398