Vulnerability CVE-2016-1188


Published: 2016-06-25   Modified: 2016-06-27

Description:
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.

Vendor: Cybozu
Product: Garoon 
Version:
4.2.0
4.0.3
4.0.2
4.0.1
4.0.0
3.7.5
3.7.4
3.7.3
3.7.2
3.7.1
3.7.0
3.5.5
3.5.4
3.5.3
3.5.2
3.5.1
3.5.0
3.1.3
3.1.2
3.1.1
3.1.0

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
https://support.cybozu.com/ja-jp/article/8845
https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000077
http://jvn.jp/en/jp/JVN18975349/index.html

Related CVE
CVE-2017-2115
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.
CVE-2017-2114
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-2116
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors.
CVE-2017-2109
Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application.
CVE-2017-2094
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.
CVE-2017-2095
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.
CVE-2017-2091
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.
CVE-2017-2092
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

Copyright 2017, cxsecurity.com