CVE-2014-0817

Опубликовано: 27 фев. 2014

Источник: nvd

CVSS2: 4.9

EPSS Низкий

Описание

Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors.

Ссылки

http://cs.cybozu.co.jp/information/gr20140225up03.php
Vendor Advisory
http://jvn.jp/en/jp/JVN24035499/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000021
https://support.cybozu.com/ja-jp/article/7992
Patch
Vendor Advisory
http://cs.cybozu.co.jp/information/gr20140225up03.php
Vendor Advisory
http://jvn.jp/en/jp/JVN24035499/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000021
https://support.cybozu.com/ja-jp/article/7992
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.5.2:*:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.5.3:*:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:2.5.4:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:3.5:sp5:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:3.7:*:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:3.7:sp1:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:3.7:sp2:*:*:*:*:*:*

cpe:2.3:a:cybozu:garoon:3.7:sp3:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00218

Низкий

4.9 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-5w8j-mjpq-9v7x

github

больше 3 лет назад