JVN#54794245
Multiple vulnerabilities in Cybozu Garoon
Overview
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities.
Products Affected
[CyVDB-1782], [CyVDB-2029], [CyVDB-2071], [CyVDB-2085], [CyVDB-2092], [CyVDB-2099], [CyVDB-2234], [CyVDB-2245], [CyVDB-2283], [CyVDB-2368], [CyVDB-2374], [CyVDB-2388], [CyVDB-2406], [CyVDB-2407], [CyVDB-2446], [CyVDB-2448]
- Cybozu Garoon 4.0.0 to 5.0.2
- Cybozu Garoon 4.6.0 to 5.0.2
- Cybozu Garoon 4.0.0 to 5.5.0
- Cybozu Garoon 4.10.0 to 5.5.0
Description
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
- [CyVDB-1782] Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2021-20753
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4
  CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5
- [CyVDB-2029] Improper input validation vulnerability in Workflow (CWE-20) - CVE-2021-20754
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Base Score: 4.3
  CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:N Base Score: 4.0
- [CyVDB-2071] Viewing restrictions bypass vulnerability in Portal (CWE-264) - CVE-2021-20755
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score: 4.3
  CVSS v2 AV:N/AC:L/Au:S/C:P/I:N/A:N Base Score: 4.0
- [CyVDB-2085] Viewing restrictions bypass vulnerability in Address (CWE-264) - CVE-2021-20756
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score: 4.3
  CVSS v2 AV:N/AC:L/Au:S/C:P/I:N/A:N Base Score: 4.0
- [CyVDB-2092] Operational restrictions bypass vulnerability in E-mail (CWE-264) - CVE-2021-20757
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Base Score: 4.3
  CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:N Base Score: 4.0
- [CyVDB-2099] Cross-site request forgery vulnerability in Message (CWE-352) - CVE-2021-20758
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score: 4.3
  CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6
- [CyVDB-2103] Operational restrictions bypass vulnerability in Bulletin (CWE-264) - CVE-2021-20759
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Base Score: 4.3
  CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:N Base Score: 4.0
- [CyVDB-2234] Improper input validation vulnerability in User Profile (CWE-20) - CVE-2021-20760
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Base Score: 4.3
  CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:N Base Score: 4.0
- [CyVDB-2245][CyVDB-2374] Improper input validation vulnerability in E-mail (CWE-20) - CVE-2021-20761
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N Base Score: 4.1
  CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:N Base Score: 4.0
- [CyVDB-2283] Improper input validation vulnerability in E-mail (CWE-20) - CVE-2021-20762
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N Base Score: 5.0
  CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:N Base Score: 4.0
- [CyVDB-2368] Operational restrictions bypass vulnerability in Portal (CWE-264) - CVE-2021-20763
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Base Score: 4.3
  CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:N Base Score: 4.0
- [CyVDB-2388] Improper input validation vulnerability in Attaching Files (CWE-20) - CVE-2021-20764
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Base Score: 4.3
  CVSS v2 AV:N/AC:H/Au:N/C:P/I:N/A:N Base Score: 2.6
- [CyVDB-2406] Cross-site scripting vulnerability in Bulletin (CWE-79) - CVE-2021-20765
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1
  CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6
- [CyVDB-2407] Cross-site scripting vulnerability in Message (CWE-79) - CVE-2021-20766
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1
  CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6
- [CyVDB-2446] Cross-site scripting vulnerability in Full Text Search (CWE-79) - CVE-2021-20767
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4
  CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5
- [CyVDB-2448] Operational restrictions bypass vulnerability in Scheduler and MultiReport (CWE-264) - CVE-2021-20768
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Base Score: 4.3
  CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:N Base Score: 4.0
- [CyVDB-2568] Cross-site scripting vulnerability in Bulletin (CWE-79) - CVE-2021-20769
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4
  CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5
- [CyVDB-2659] Cross-site scripting vulnerability in Message (CWE-79) - CVE-2021-20770
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4
  CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5
- [CyVDB-2193] Cross-site scripting vulnerability in some functions of E-mail (CWE-79) - CVE-2021-20771
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1
  CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6
- [CyVDB-2479] Title information disclosure vulnerability in Bulletin (CWE-264) - CVE-2021-20772
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score: 4.3
  CVSS v2 AV:N/AC:L/Au:S/C:P/I:N/A:N Base Score: 4.0
- [CyVDB-2755] Vulnerability where route information of Workflow is deleted unintentionally - CVE-2021-20773
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Base Score: 5.4
  CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:P Base Score: 5.5
- [CyVDB-2766] Cross-site scripting vulnerability in some functions of E-mail (CWE-79) - CVE-2021-20774
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4
  CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5
- [CyVDB-2903] Comment destination information disclosure vulnerability (CWE-20) - CVE-2021-20775
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score: 4.3
  CVSS v2 AV:N/AC:L/Au:S/C:P/I:N/A:N Base Score: 4.0
Impact
- [CyVDB-1782], [CyVDB-2193], [CyVDB-2406], [CyVDB-2407], [CyVDB-2446], [CyVDB-2568], [CyVDB-2659], [CyVDB-2766]: An arbitrary script may be executed on a logged-in user's web browser.
- [CyVDB-2029]: A user who can log in to the product may alter the data of Workflow without the appropriate privilege.
- [CyVDB-2071]: A user who can log in to the product may obtain the data of Portal without the viewing privilege.
- [CyVDB-2085]: A user who can log in to the product may obtain the data of Address without the viewing privilege.
- [CyVDB-2092], [CyVDB-2283]: A user who can log in to the product may alter the data of E-mail without the appropriate privilege.
- [CyVDB-2099]: If a user views a malicious page while logged in, unintended operations may be performed.
- [CyVDB-2103]: A user who can log in to the product may alter the data of Bulletin without the appropriate privilege.
- [CyVDB-2234]: A user who can log in to the product may alter the data of User Profile without the appropriate privilege.
- [CyVDB-2245], [CyVDB-2374]: A user who can log in to the product with administrative privilege may alter the data of E-mail without the appropriate privilege.
- [CyVDB-2368]: A user who can log in to the product may alter the data of Portal without the appropriate privilege.
- [CyVDB-2388]: A remote attacker may obtain the data of Attaching Files.
- [CyVDB-2448]: A user who can log in to the product may delete the data of Scheduler and MultiReport without the appropriate privilege.
- [CyVDB-2479]: A user who can log in to the product may obtain the title of Bulletin without the viewing privilege.
- [CyVDB-2755]: A user who can log in to the product may delete the route information of Workflow without the appropriate privilege.
- [CyVDB-2903]: A user who can log in to the product may obtain the data of Comment and Space without the viewing privilege.
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
Vendor Status
Vendor | Status | Last Update | Vendor Notes |
---|---|---|---|
Cybozu, Inc. | Vulnerable | 2022/05/24 | Cybozu, Inc. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
CVE-2021-20753
Masato Kinugawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solutions through JVN.
CVE-2021-20755, CVE-2021-20764, CVE-2021-20765, CVE-2021-20766
Yuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.
CVE-2021-20760, CVE-2021-20761, CVE-2021-20767
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.
CVE-2021-20771
Ren Hirasawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solutions through JVN.
CVE-2021-20754, CVE-2021-20756, CVE-2021-20757, CVE-2021-20758, CVE-2021-20759, CVE-2021-20762, CVE-2021-20763, CVE-2021-20768, CVE-2021-20769, CVE-2021-20770, CVE-2021-20772, CVE-2021-20773, CVE-2021-20774, CVE-2021-20775
Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.
Other Information
CVE: CVE-2021-20753, CVE-2021-20754, CVE-2021-20755, CVE-2021-20756, CVE-2021-20757, CVE-2021-20758, CVE-2021-20759, CVE-2021-20760, CVE-2021-20761, CVE-2021-20762, CVE-2021-20763, CVE-2021-20764, CVE-2021-20765, CVE-2021-20766, CVE-2021-20767, CVE-2021-20768, CVE-2021-20769, CVE-2021-20770, CVE-2021-20771, CVE-2021-20772, CVE-2021-20773, CVE-2021-20774, CVE-2021-20775
JVN iPedia: JVNDB-2021-000073
Update History
- 2022/05/24: Information under the section [Description] was fixed.
- 2022/05/24: Cybozu, Inc. updated its vendor status.