Vulnerability CVE-2019-5976


Published: 2019-09-12

Description:
Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors.

Type:

CWE-20

(Improper Input Validation)

Vendor: Cybozu
Product: Garoon 
Version:
4.6.3
4.6.2
4.6.1
4.6.0
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.10.2
4.10.1
4.10.0
4.10
4.0.3
4.0.2
4.0.1
4.0.0

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://jvn.jp/en/jp/JVN62618482/index.html
https://kb.cybozu.support/article/35913

Related CVE
CVE-2019-5991
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2019-5978
Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'.
CVE-2019-5977
Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail header via the application 'E-Mail'.
CVE-2019-5975
DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-5947
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Cabinet'.
CVE-2019-5946
Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen.
CVE-2019-5945
Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon.
CVE-2019-5944
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application 'Address' without modify privileges via the application 'Address'.

Copyright 2019, cxsecurity.com

 

Back to Top