JVN#63564682: Multiple vulnerabilities in Cybozu Garoon

Overview

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities.

Products Affected

Cybozu Garoon 3.5.0 to 4.2.5 (CVE-2017-2254)
Cybozu Garoon 3.7.0 to 4.2.5 (CVE-2017-2255)
Cybozu Garoon 3.0.0 to 4.2.5 (CVE-2017-2256, CVE-2017-2257)
Cybozu Garoon 4.2.4 to 4.2.5 (CVE-2017-2258)

Description

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.

Denial-of-service (DoS) vulnerability in the application menu's edit function (CWE-20) - CVE-2017-2254

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H Base Score: 5.5

CVSS v2 AV:N/AC:L/AU:S/C:N/I:P/A:P Base Score: 5.5
Stored cross-site scripting in the "Rich text" function of the application "Space" (CWE-79) - CVE-2017-2255

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4

CVSS v2 AV:N/AC:L/AU:S/C:N/I:P/A:N Base Score: 4.0
Stored cross-site scripting in the "Rich text" function of the application "Memo" (CWE-79) - CVE-2017-2256

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4

CVSS v2 AV:N/AC:L/AU:S/C:N/I:P/A:N Base Score: 4.0
Cross-site scripting in the mail function (CWE-79) - CVE-2017-2257

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1

CVSS v2 AV:N/AC:L/AU:N/C:N/I:P/A:N Base Score: 5.0
Directory traversal in the Garoon SOAP API "WorkflowHandleApplications" (CWE-22) - CVE-2017-2258

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score: 4.3

CVSS v2 AV:N/AC:L/AU:S/C:P/I:N/A:N Base Score: 4.0

Impact

An attacker may be able to cause a denial-of-service (DoS) - CVE-2017-2254
An arbitrary script may be executed on the logged-in user's web browser - CVE-2017-2255、CVE-2017-2256、CVE-2017-2257
An attacker may check the presence of a directory on the server - CVE-2017-2258

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Vendor Status

Vendor	Status	Last Update	Vendor Notes
Cybozu, Inc.	Vulnerable	2017/08/21	Cybozu, Inc. website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Cybozu, Inc. reported CVE-2017-2258 vulnerability to JPCERT/CC to notify users of its solution through JVN.

Jun Kokatsu reported CVE-2017-2254 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.

Masato Kinugawa reported CVE-2017-2255, CVE-2017-2256 and CVE-2017-2257 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE	CVE-2017-2254
	CVE-2017-2255
	CVE-2017-2256
	CVE-2017-2257
	CVE-2017-2258
JVN iPedia	JVNDB-2017-000202

CVSS v3	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H	Base Score: 5.5
CVSS v2	AV:N/AC:L/AU:S/C:N/I:P/A:P	Base Score: 5.5

CVSS v3	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	Base Score: 5.4
CVSS v2	AV:N/AC:L/AU:S/C:N/I:P/A:N	Base Score: 4.0

CVSS v3	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	Base Score: 6.1
CVSS v2	AV:N/AC:L/AU:N/C:N/I:P/A:N	Base Score: 5.0

CVSS v3	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	Base Score: 4.3
CVSS v2	AV:N/AC:L/AU:S/C:P/I:N/A:N	Base Score: 4.0

JVN#63564682 Multiple vulnerabilities in Cybozu Garoon