Lucene search

K
jvnJapan Vulnerability NotesJVN:18700809
HistoryJun 27, 2008 - 12:00 a.m.

JVN#18700809 Cybozu Garoon session fixation vulnerability

2008-06-2700:00:00
Japan Vulnerability Notes
jvn.jp
12

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

87.2%

Cybozu Garoon, a groupware from Cybozu, contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user logs into Cybozu Garoon using a session ID provided by the attacker.

Impact

A remote attacker impersonating a logged in user may execute arbitrary code with the privilege of the user. As a result, disclosure or alteration of information may occur.

Solution

Update the Software
Apply the latest update provided by the vendor.

Products Affected

  • Cybozu Garoon version 2.0.0 - 2.1.3

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

87.2%

Related for JVN:18700809