Published: 2018/04/09  Last Updated: 2018/05/31

JVN#65268217
Multiple vulnerabilities in Cybozu Garoon

Overview

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities.

Products Affected

  • Cybozu Garoon 3.5.0 to 4.2.6 (CVE-2018-0530)
  • Cybozu Garoon 3.0.0 to 4.2.6 (CVE-2018-0531, CVE-2018-0532, CVE-2018-0533)
  • Cybozu Garoon 4.0.0 to 4.6.0 (CVE-2018-0548)
  • Cybozu Garoon 3.0.0 to 4.6.0 (CVE-2018-0549)
  • Cybozu Garoon 3.5.0 to 4.6.1 (CVE-2018-0550)
  • Cybozu Garoon 3.0.0 to 4.6.1 (CVE-2018-0551)

Description

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.

  • SQL injection in the application "Address" (CWE-89) - CVE-2018-0530
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score: 6.5
    CVSS v2 AV:N/AC:L/Au:S/C:P/I:N/A:N Base Score: 4.0
  • Operation restriction bypass in the "Folder settings" (CWE-264) - CVE-2018-0531
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Base Score: 5.4
    CVSS v2 AV:N/AC:L/Au:S/C:P/I:P/A:N Base Score: 5.5
  • Operation restriction bypass in the setting of Login authentication (CWE-264) - CVE-2018-0532
    CVSS v3 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H Base Score: 5.9
    CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:P Base Score: 4.9
  • Operation restriction bypass in the setting of Session authentication (CWE-264) - CVE-2018-0533
    CVSS v3 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H Base Score: 4.4
    CVSS v2 AV:N/AC:M/Au:S/C:N/I:N/A:P Base Score: 3.5
  • Browse restriction bypass in the application "Space" (CWE-264) - CVE-2018-0548
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score: 4.3
    CVSS v2 AV:N/AC:M/Au:S/C:P/I:N/A:N Base Score: 3.5
  • Stored cross-site scripting in "Rich text" of the application "Message" (CWE-79) - CVE-2018-0549
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4
    CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5
  • Browse restriction bypass in the application "Cabinet" (CWE-264) - CVE-2018-0550
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score: 4.3
    CVSS v2 AV:N/AC:M/Au:S/C:P/I:N/A:N Base Score: 3.5
  • Stored cross-site scripting in "Rich text" of the application "Space" (CWE-79) - CVE-2018-0551
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4
    CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5

Impact

  • A user who can log in to the product may obtain information stored in the database. - CVE-2018-0530
  • A user with operational administrative privileges for one or more folders may view or alter the access privileges and/or notification settings of a folder. - CVE-2018-0531
  • A user who can log in to the product with administrative privileges may alter setting data of the Standard database. - CVE-2018-0532
  • A user who can log in to the product with administrative privileges may alter setting data of session authentication. - CVE-2018-0533
  • A user who can log in to the product may view the title of a closed "Space". - CVE-2018-0548
  • An arbitrary script may be executed in the logged-in user's web browser. - CVE-2018-0549, CVE-2018-0551
  • A user who can log in to the product may view folder names without the appropriate privileges. - CVE-2018-0550

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

[Updated on 2018 May 31]
The developer states that the CVE-2018-0551 vulnerability was only partially addressed, so the issue still remains.
According to the developer, the issue is under investigation and a complete fix for this vulnerability is to be released in the future, but the release schedule has not yet been determined.

Vendor Status

Vendor        Status      Last Update  Vendor Notes
Cybozu, Inc.  Vulnerable  2018/04/09   Cybozu, Inc. website

Credit

Cybozu, Inc. reported CVE-2018-0530, CVE-2018-0531, CVE-2018-0532, CVE-2018-0533 and CVE-2018-0548 vulnerabilities to JPCERT/CC to notify users of respective solutions through JVN.

Jun Kokatsu reported CVE-2018-0549 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.

ixama reported CVE-2018-0550 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.

Masato Kinugawa reported CVE-2018-0551 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.

Other Information

CVE         CVE-2018-0530, CVE-2018-0531, CVE-2018-0532, CVE-2018-0533,
            CVE-2018-0548, CVE-2018-0549, CVE-2018-0550, CVE-2018-0551
JVN iPedia  JVNDB-2018-000031

Update History

2018/04/09
Fixed information under [Products Affected]
2018/05/31
Added the information regarding CVE-2018-0551 vulnerability under [Solution]