CVE-2019-5943 : Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass ac

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application 'Bulletin' and the application 'Cabinet'.

Published 2019-05-17 16:29:05

Updated 2020-08-24 17:37:01

Source JPCERT/CC

View at NVD, CVE.org

Products affected by CVE-2019-5943

Cybozu » Garoon
Versions from including (>=) 4.0.0 and up to, including, (<=) 4.10.1
cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-5943

EPSS FAQ

0.15%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 33 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-5943

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
4.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	2.8	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

References for CVE-2019-5943

https://kb.cybozu.support/article/35486/

不具合情報公開サイト
Vendor Advisory
http://jvn.jp/en/jp/JVN58849431/index.html

JVN#58849431: Multiple vulnerabilities in Cybozu Garoon
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-5943

Products affected by CVE-2019-5943

Exploit prediction scoring system (EPSS) score for CVE-2019-5943

CVSS scores for CVE-2019-5943

References for CVE-2019-5943