Source: Japan Vulnerability Notes (jvn), JVN:55497111
History: Jun 29, 2020 - 12:00 a.m.

JVN#55497111: Multiple vulnerabilities in Cybozu Garoon

2020-06-29 00:00:00
Japan Vulnerability Notes
jvn.jp

CVSS2: 5.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3: 8.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS: 0.005 Low
Percentile: 76.6%

Cybozu, Inc. has released security updates for Cybozu Garoon.

[CyVDB-2083] Vulnerability in Single sign-on settings to avoid viewing and operation privileges - CVE-2020-5580

Version Vector Score
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N Base Score: 8.5
CVSS v2 AV:N/AC:L/Au:S/C:P/I:P/A:N Base Score: 5.5

[CyVDB-2451] Path traversal vulnerability on the portal - CVE-2020-5581

Version Vector Score
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Base Score: 7.7
CVSS v2 AV:N/AC:L/Au:N/C:P/I:N/A:N Base Score: 5.0

[CyVDB-2097] Vulnerability to bypass operation privileges on attachments - CVE-2020-5582

Version Vector Score
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Base Score: 4.3
CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:N Base Score: 4.0

[CyVDB-2289] Vulnerability in the Multi-Report to bypass view privileges - CVE-2020-5583

Version Vector Score
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score: 4.3
CVSS v2 AV:N/AC:L/Au:S/C:P/I:N/A:N Base Score: 4.0

[CyVDB-2305] Vulnerability to token-related information leakage - CVE-2020-5584

Version Vector Score
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Base Score: 6.5
CVSS v2 AV:N/AC:L/Au:N/C:P/I:N/A:N Base Score: 5.0

[CyVDB-2308] Cross-site scripting vulnerability related to image asset functionality - CVE-2020-5585

Version Vector Score
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Base Score: 4.8
CVSS v2 AV:N/AC:L/Au:S/C:P/I:P/A:N Base Score: 5.5

[CyVDB-2309] Cross-site scripting vulnerability in system configuration - CVE-2020-5586

Version Vector Score
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Base Score: 4.8
CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:N Base Score: 4.0

[CyVDB-2361] Vulnerability to token-related information leakage - CVE-2020-5587

Version Vector Score
CVSS v3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Base Score: 5.3
CVSS v2 AV:N/AC:H/Au:N/C:P/I:N/A:N Base Score: 2.6

[CyVDB-2450] Path traversal vulnerability on the portal - CVE-2020-5588

Version Vector Score
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Base Score: 6.8
CVSS v2 AV:N/AC:L/Au:S/C:P/I:N/A:N Base Score: 4.0

Impact

  • [CyVDB-2083]:
    A user may view and/or alter Single sign-on settings.
  • [CyVDB-2451]:
    A user may obtain unintended information.
  • [CyVDB-2097]:
    A user may alter the data of a file attached to a Report.
  • [CyVDB-2289]:
    A user may obtain Multi-Report data that the user has no privilege to view.
  • [CyVDB-2305] and [CyVDB-2361]:
    A remote attacker may obtain unintended information.
  • [CyVDB-2308] and [CyVDB-2309]:
    An arbitrary script may be executed in the web browser of a user who is logged in to the product with administrative privileges.
  • [CyVDB-2450]:
    A user with administrative privilege may obtain unintended information.

Solution

Update the Software
Update the affected software to the appropriate latest version according to the information provided by the developer.

Products Affected

[CyVDB-2083], [CyVDB-2451], [CyVDB-2097], [CyVDB-2289], [CyVDB-2305], [CyVDB-2361]

  • Cybozu Garoon 4.0.0 to 5.0.1

[CyVDB-2308], [CyVDB-2450]

  • Cybozu Garoon 5.0.0 to 5.0.1

[CyVDB-2309]

  • Cybozu Garoon 4.10.3 to 5.0.1
