JVN#65268217
Multiple vulnerabilities in Cybozu Garoon
Overview
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities.
Products Affected
- Cybozu Garoon 3.5.0 to 4.2.6 (CVE-2018-0530)
- Cybozu Garoon 3.0.0 to 4.2.6 (CVE-2018-0531, CVE-2018-0532, CVE-2018-0533)
- Cybozu Garoon 4.0.0 to 4.6.0 (CVE-2018-0548)
- Cybozu Garoon 3.0.0 to 4.6.0 (CVE-2018-0549)
- Cybozu Garoon 3.5.0 to 4.6.1 (CVE-2018-0550)
- Cybozu Garoon 3.0.0 to 4.6.1 (CVE-2018-0551)
Description
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
- SQL injection in the application "Address" (CWE-89) - CVE-2018-0530
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score: 6.5
  CVSS v2 AV:N/AC:L/Au:S/C:P/I:N/A:N Base Score: 4.0
- Operation restriction bypass in the "Folder settings" (CWE-264) - CVE-2018-0531
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Base Score: 5.4
  CVSS v2 AV:N/AC:L/Au:S/C:P/I:P/A:N Base Score: 5.5
- Operation restriction bypass in the setting of Login authentication (CWE-264) - CVE-2018-0532
  CVSS v3 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H Base Score: 5.9
  CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:P Base Score: 4.9
- Operation restriction bypass in the setting of Session authentication (CWE-264) - CVE-2018-0533
  CVSS v3 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H Base Score: 4.4
  CVSS v2 AV:N/AC:M/Au:S/C:N/I:N/A:P Base Score: 3.5
- Browse restriction bypass in the application "Space" (CWE-264) - CVE-2018-0548
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score: 4.3
  CVSS v2 AV:N/AC:M/Au:S/C:P/I:N/A:N Base Score: 3.5
- Stored cross-site scripting in "Rich text" of the application "Message" (CWE-79) - CVE-2018-0549
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4
  CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5
- Browse restriction bypass in the application "Cabinet" (CWE-264) - CVE-2018-0550
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score: 4.3
  CVSS v2 AV:N/AC:M/Au:S/C:P/I:N/A:N Base Score: 3.5
- Stored cross-site scripting in "Rich text" of the application "Space" (CWE-79) - CVE-2018-0551
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4
  CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5
Impact
- A user who can log in to the product may obtain information stored in the database. - CVE-2018-0530
- A user with operational administrative privileges for one or more folders may view or alter the access privileges and/or notification settings of a folder. - CVE-2018-0531
- A user who can log in to the product with administrative privileges may alter setting data of the Standard database. - CVE-2018-0532
- A user who can log in to the product with administrative privileges may alter setting data of session authentication. - CVE-2018-0533
- A user who can log in to the product may view the title of a closed "Space". - CVE-2018-0548
- An arbitrary script may be executed in the logged-in user's web browser. - CVE-2018-0549, CVE-2018-0551
- A user who can log in to the product may view folder names without the appropriate privileges. - CVE-2018-0550
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
[Updated on 2018 May 31]
The developer states that the CVE-2018-0551 vulnerability was only partially addressed, so the issue still remains.
According to the developer, the issue is under investigation and a complete fix for this vulnerability is to be released in the future, but the release schedule has not been determined yet.
Vendor Status
Vendor | Status | Last Update | Vendor Notes
---|---|---|---
Cybozu, Inc. | Vulnerable | 2018/04/09 | Cybozu, Inc. website
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Cybozu, Inc. reported CVE-2018-0530, CVE-2018-0531, CVE-2018-0532, CVE-2018-0533 and CVE-2018-0548 vulnerabilities to JPCERT/CC to notify users of respective solutions through JVN.
Jun Kokatsu reported CVE-2018-0549 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
ixama reported CVE-2018-0550 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
Masato Kinugawa reported CVE-2018-0551 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
Other Information
JPCERT Alert: -
JPCERT Reports: -
CERT Advisory: -
CPNI Advisory: -
TRnotes: -
CVE: CVE-2018-0530, CVE-2018-0531, CVE-2018-0532, CVE-2018-0533, CVE-2018-0548, CVE-2018-0549, CVE-2018-0550, CVE-2018-0551
JVN iPedia: JVNDB-2018-000031
Update History
- 2018/04/09
- Fixed information under [Products Affected]
- 2018/05/31
- Added the information regarding CVE-2018-0551 vulnerability under [Solution]