JVN#65268217: Multiple vulnerabilities in Cybozu Garoon

2018-04-09 00:00:00
Japan Vulnerability Notes
jvn.jp

CVSS2: 6.5 Medium
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Attack Vector: NETWORK, Attack Complexity: LOW, Authentication: SINGLE, Confidentiality Impact: PARTIAL, Integrity Impact: PARTIAL, Availability Impact: PARTIAL

CVSS3: 8.8 High
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK, Attack Complexity: LOW, Privileges Required: LOW, User Interaction: NONE, Scope: UNCHANGED, Confidentiality Impact: HIGH, Integrity Impact: HIGH, Availability Impact: HIGH

EPSS: 0.001 Low (Percentile: 41.5%)

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.

SQL injection in the application “Address” (CWE-89) - CVE-2018-0530

Version   Vector                                          Base Score
CVSS v3   CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N    6.5
CVSS v2   AV:N/AC:L/Au:S/C:P/I:N/A:N                      4.0

Operation restriction bypass in the “Folder settings” (CWE-264) - CVE-2018-0531

Version   Vector                                          Base Score
CVSS v3   CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N    5.4
CVSS v2   AV:N/AC:L/Au:S/C:P/I:P/A:N                      5.5

Operation restriction bypass in the setting of Login authentication (CWE-264) - CVE-2018-0532

Version   Vector                                          Base Score
CVSS v3   CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H    5.9
CVSS v2   AV:N/AC:M/Au:S/C:N/I:P/A:P                      4.9

Operation restriction bypass in the setting of Session authentication (CWE-264) - CVE-2018-0533

Version   Vector                                          Base Score
CVSS v3   CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H    4.4
CVSS v2   AV:N/AC:M/Au:S/C:N/I:N/A:P                      3.5

Browse restriction bypass in the application “Space” (CWE-264) - CVE-2018-0548

Version   Vector                                          Base Score
CVSS v3   CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N    4.3
CVSS v2   AV:N/AC:M/Au:S/C:P/I:N/A:N                      3.5

Stored cross-site scripting in “Rich text” of the application “Message” (CWE-79) - CVE-2018-0549

Version   Vector                                          Base Score
CVSS v3   CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N    5.4
CVSS v2   AV:N/AC:M/Au:S/C:N/I:P/A:N                      3.5

Browse restriction bypass in the application “Cabinet” (CWE-264) - CVE-2018-0550

Version   Vector                                          Base Score
CVSS v3   CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N    4.3
CVSS v2   AV:N/AC:M/Au:S/C:P/I:N/A:N                      3.5

Stored cross-site scripting in “Rich text” of the application “Space” (CWE-79) - CVE-2018-0551

Version   Vector                                          Base Score
CVSS v3   CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N    5.4
CVSS v2   AV:N/AC:M/Au:S/C:N/I:P/A:N                      3.5

Impact

  • A user who can log in to the product may obtain information stored in the database. - CVE-2018-0530
  • A user with operational administrative privileges for one or more folders may view or alter the access privileges and/or notification settings of a folder. - CVE-2018-0531
  • A user who can log in to the product with administrative privileges may alter setting data of the Standard database. - CVE-2018-0532
  • A user who can log in to the product with administrative privileges may alter setting data of session authentication. - CVE-2018-0533
  • A user who can log in to the product may view the title of a closed “Space”. - CVE-2018-0548
  • An arbitrary script may be executed in the logged-in user’s web browser. - CVE-2018-0549, CVE-2018-0551
  • A user who can log in to the product may view folder names without the appropriate privileges. - CVE-2018-0550

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

[Updated on 2018 May 31]
The developer states that the CVE-2018-0551 vulnerability was only partially addressed, so the issue still remains.
According to the developer, the issue is under investigation and a complete fix is to be released in the future, but the release schedule has not yet been determined.

Products Affected

  • Cybozu Garoon 3.5.0 to 4.2.6 (CVE-2018-0530)
  • Cybozu Garoon 3.0.0 to 4.2.6 (CVE-2018-0531, CVE-2018-0532, CVE-2018-0533)
  • Cybozu Garoon 4.0.0 to 4.6.0 (CVE-2018-0548)
  • Cybozu Garoon 3.0.0 to 4.6.0 (CVE-2018-0549)
  • Cybozu Garoon 3.5.0 to 4.6.1 (CVE-2018-0550)
  • Cybozu Garoon 3.0.0 to 4.6.1 (CVE-2018-0551)
