Japan Vulnerability Notes (JVN) JVN:57942454
History: Nov 04, 2020 - 12:00 a.m.

JVN#57942454: Cybozu Garoon vulnerable to improper input validation


CVSS2: 5.5 (AV:N/AC:L/Au:S/C:N/I:P/A:P)

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

CVSS3: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: HIGH
  • Availability Impact: NONE

EPSS: 0.001 (Percentile: 38.6%)

Cybozu Garoon provided by Cybozu, Inc. contains an improper input validation vulnerability (CWE-20).

Impact

A user who can log in to the product may delete some bulletin board data.

Solution

Update the software and apply the patch
Update the software to Cybozu Garoon version 5.0.2, and then apply the patch according to the information provided by the developer.

[Updated on 2021 August 2]
Update the software
The developer has released a version that contains a fix for this vulnerability.
Update to the latest version according to the information provided by the developer.

Products Affected

[CyVDB-2814]

  • Cybozu Garoon 5.0.0 to 5.0.2
