CVE-2016-4908

MEDIUM

Cybozu Garoon 3.0.0-4.2.2 - Authenticated Improper Access Control

Title source: llm
STIX 2.1

Description

Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry third-party-advisory x_refsource_jvn
https://jvn.jp/en/jp/JVN14631222/index.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97912
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94966
Vendor Advisory x_refsource_confirm
https://support.cybozu.com/ja-jp/article/9399

Scores

CVSS v3 4.3
EPSS 0.0021
EPSS Percentile 43.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-284
Status published
Products (28)
cybozu/garoon 3.0.0
cybozu/garoon 3.0.1
cybozu/garoon 3.0.2
cybozu/garoon 3.0.3
cybozu/garoon 3.1.0
cybozu/garoon 3.1.1
cybozu/garoon 3.1.2
cybozu/garoon 3.1.3
cybozu/garoon 3.5.0
cybozu/garoon 3.5.1
... and 18 more
Published Jun 09, 2017
Tracked Since Feb 18, 2026