Japan Vulnerability NotesJVN:21025396JVN#21025396: Multiple PHP code execution vulnerabilitles in Cybozu Garoon
8.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.004 Low
EPSS
Percentile
73.9%
Cybozu Garoon is a groupware. Cybozu Garoon contains multiple PHP code execution vulnerabilities.
[CyVDB-863] Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code, [CyVDB-867] Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code (CVE-2015-5646) [CyVDB-866] Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code in RSS Reader function (CVE-2015-5647) For more details, refer to the information provided by the developer.
Impact
An authenticated attacker may execute arbitrary PHP code on the application server.
Solution
Apply the Patch
Apply the appropriate patch according to the information provided by the developer.
[Added on May 30, 2016]
Update the Software
The developer has released the version that contains a fix for this vulnerability.
Update to the latest version according to the information provided by the developer.
Products Affected
- Cybozu Garoon 3.0.0 to 4.0.3
Related
8.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.004 Low
EPSS
Percentile
73.9%