Published: 2021/08/02  Last Updated: 2022/05/24

JVN#54794245
Multiple vulnerabilities in Cybozu Garoon

Overview

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities.

Products Affected

The affected version range differs by issue. Each group of issue IDs below is followed by the Garoon versions it applies to.

[CyVDB-1782], [CyVDB-2029], [CyVDB-2071], [CyVDB-2085], [CyVDB-2092], [CyVDB-2099], [CyVDB-2234], [CyVDB-2245], [CyVDB-2283], [CyVDB-2368], [CyVDB-2374], [CyVDB-2388], [CyVDB-2406], [CyVDB-2407], [CyVDB-2446], [CyVDB-2448]
  • Cybozu Garoon 4.0.0 to 5.0.2
[CyVDB-2103], [CyVDB-2568], [CyVDB-2659]
  • Cybozu Garoon 4.6.0 to 5.0.2
[CyVDB-2193], [CyVDB-2755], [CyVDB-2766]
  • Cybozu Garoon 4.0.0 to 5.5.0
[CyVDB-2479], [CyVDB-2903]
  • Cybozu Garoon 4.10.0 to 5.5.0

Description

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.

  • [CyVDB-1782] Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2021-20753
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4
    CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5
  • [CyVDB-2029] Improper input validation vulnerability in Workflow (CWE-20) - CVE-2021-20754
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Base Score: 4.3
    CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:N Base Score: 4.0
  • [CyVDB-2071] Viewing restrictions bypass vulnerability in Portal (CWE-264) - CVE-2021-20755
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score: 4.3
    CVSS v2 AV:N/AC:L/Au:S/C:P/I:N/A:N Base Score: 4.0
  • [CyVDB-2085] Viewing restrictions bypass vulnerability in Address (CWE-264) - CVE-2021-20756
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score: 4.3
    CVSS v2 AV:N/AC:L/Au:S/C:P/I:N/A:N Base Score: 4.0
  • [CyVDB-2092] Operational restrictions bypass vulnerability in E-mail (CWE-264) - CVE-2021-20757
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Base Score: 4.3
    CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:N Base Score: 4.0
  • [CyVDB-2099] Cross-site request forgery vulnerability in Message (CWE-352) - CVE-2021-20758
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score: 4.3
    CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6
  • [CyVDB-2103] Operational restrictions bypass vulnerability in Bulletin (CWE-264) - CVE-2021-20759
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Base Score: 4.3
    CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:N Base Score: 4.0
  • [CyVDB-2234] Improper input validation vulnerability in User Profile (CWE-20) - CVE-2021-20760
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Base Score: 4.3
    CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:N Base Score: 4.0
  • [CyVDB-2245][CyVDB-2374] Improper input validation vulnerability in E-mail (CWE-20) - CVE-2021-20761
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N Base Score: 4.1
    CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:N Base Score: 4.0
  • [CyVDB-2283] Improper input validation vulnerability in E-mail (CWE-20) - CVE-2021-20762
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N Base Score: 5.0
    CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:N Base Score: 4.0
  • [CyVDB-2368] Operational restrictions bypass vulnerability in Portal (CWE-264) - CVE-2021-20763
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Base Score: 4.3
    CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:N Base Score: 4.0
  • [CyVDB-2388] Improper input validation vulnerability in Attaching Files (CWE-20) - CVE-2021-20764
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Base Score: 4.3
    CVSS v2 AV:N/AC:H/Au:N/C:P/I:N/A:N Base Score: 2.6
  • [CyVDB-2406] Cross-site scripting vulnerability in Bulletin (CWE-79) - CVE-2021-20765
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1
    CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6
  • [CyVDB-2407] Cross-site scripting vulnerability in Message (CWE-79) - CVE-2021-20766
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1
    CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6
  • [CyVDB-2446] Cross-site scripting vulnerability in Full Text Search (CWE-79) - CVE-2021-20767
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4
    CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5
  • [CyVDB-2448] Operational restrictions bypass vulnerability in Scheduler and MultiReport (CWE-264) - CVE-2021-20768
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Base Score: 4.3
    CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:N Base Score: 4.0
  • [CyVDB-2568] Cross-site scripting vulnerability in Bulletin (CWE-79) - CVE-2021-20769
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4
    CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5
  • [CyVDB-2659] Cross-site scripting vulnerability in Message (CWE-79) - CVE-2021-20770
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4
    CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5
  • [CyVDB-2193] Cross-site scripting vulnerability in some functions of E-mail (CWE-79) - CVE-2021-20771
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1
    CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6
  • [CyVDB-2479] Title information disclosure vulnerability in Bulletin (CWE-264) - CVE-2021-20772
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score: 4.3
    CVSS v2 AV:N/AC:L/Au:S/C:P/I:N/A:N Base Score: 4.0
  • [CyVDB-2755] Vulnerability where route information of Workflow is deleted unintentionally - CVE-2021-20773
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Base Score: 5.4
    CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:P Base Score: 5.5
  • [CyVDB-2766] Cross-site scripting vulnerability in some functions of E-mail (CWE-79) - CVE-2021-20774
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4
    CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5
  • [CyVDB-2903] Comment destination information disclosure vulnerability (CWE-20) - CVE-2021-20775
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score: 4.3
    CVSS v2 AV:N/AC:L/Au:S/C:P/I:N/A:N Base Score: 4.0

Impact

  • [CyVDB-1782], [CyVDB-2193], [CyVDB-2406], [CyVDB-2407], [CyVDB-2446], [CyVDB-2568], [CyVDB-2659], [CyVDB-2766]:
    An arbitrary script may be executed on a logged-in user's web browser.
  • [CyVDB-2029]:
    A user who can log in to the product may alter the data of Workflow without the appropriate privilege.
  • [CyVDB-2071]:
    A user who can log in to the product may obtain the data of Portal without the viewing privilege.
  • [CyVDB-2085]:
    A user who can log in to the product may obtain the data of Address without the viewing privilege.
  • [CyVDB-2092], [CyVDB-2283]:
    A user who can log in to the product may alter the data of E-mail without the appropriate privilege.
  • [CyVDB-2099]:
    If a user views a malicious page while logged in, unintended operations may be performed.
  • [CyVDB-2103]:
    A user who can log in to the product may alter the data of Bulletin without the appropriate privilege.
  • [CyVDB-2234]:
    A user who can log in to the product may alter the data of User Profile without the appropriate privilege.
  • [CyVDB-2245], [CyVDB-2374]:
    A user who can log in to the product with administrative privilege may alter the data of E-mail without the appropriate privilege.
  • [CyVDB-2368]:
    A user who can log in to the product may alter the data of Portal without the appropriate privilege.
  • [CyVDB-2388]:
    A remote attacker may obtain the data of Attaching Files.
  • [CyVDB-2448]:
    A user who can log in to the product may delete the data of Scheduler and MultiReport without the appropriate privilege.
  • [CyVDB-2479]:
    A user who can log in to the product may obtain the title of Bulletin without the viewing privilege.
  • [CyVDB-2755]:
    A user who can log in to the product may delete the route information of Workflow without the appropriate privilege.
  • [CyVDB-2903]:
    A user who can log in to the product may obtain the data of Comment and Space without the viewing privilege.

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Vendor Status

Vendor         Status      Last Update   Vendor Notes
Cybozu, Inc.   Vulnerable  2022/05/24    Cybozu, Inc. website

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

CVE-2021-20753
Masato Kinugawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solutions through JVN.

CVE-2021-20755, CVE-2021-20764, CVE-2021-20765, CVE-2021-20766
Yuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.

CVE-2021-20760, CVE-2021-20761, CVE-2021-20767
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.

CVE-2021-20771
Ren Hirasawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solutions through JVN.

CVE-2021-20754, CVE-2021-20756, CVE-2021-20757, CVE-2021-20758, CVE-2021-20759, CVE-2021-20762, CVE-2021-20763, CVE-2021-20768, CVE-2021-20769, CVE-2021-20770, CVE-2021-20772, CVE-2021-20773, CVE-2021-20774, CVE-2021-20775
Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.

Update History

2022/05/24
Information under the section [Description] was corrected.
2022/05/24
Vendor status of Cybozu, Inc. was updated.