Vulnerability Details CVE-2016-1189
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.1%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 5.5
References
- http://jvn.jp/en/jp/JVN18975349/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2016-000093
- https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03
- https://support.cybozu.com/ja-jp/article/9020
- http://jvn.jp/en/jp/JVN18975349/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2016-000093
- https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03
- https://support.cybozu.com/ja-jp/article/9020
Products affected by CVE-2016-1189
-
cpe:2.3:a:cybozu:garoon:3.1.0
-
cpe:2.3:a:cybozu:garoon:3.1.1
-
cpe:2.3:a:cybozu:garoon:3.1.2
-
cpe:2.3:a:cybozu:garoon:3.1.3
-
cpe:2.3:a:cybozu:garoon:3.5.0
-
cpe:2.3:a:cybozu:garoon:3.5.1
-
cpe:2.3:a:cybozu:garoon:3.5.2
-
cpe:2.3:a:cybozu:garoon:3.5.3
-
cpe:2.3:a:cybozu:garoon:3.5.4
-
cpe:2.3:a:cybozu:garoon:3.5.5
-
cpe:2.3:a:cybozu:garoon:3.7.0
-
cpe:2.3:a:cybozu:garoon:3.7.1
-
cpe:2.3:a:cybozu:garoon:3.7.2
-
cpe:2.3:a:cybozu:garoon:3.7.3
-
cpe:2.3:a:cybozu:garoon:3.7.4
-
cpe:2.3:a:cybozu:garoon:3.7.5
-
cpe:2.3:a:cybozu:garoon:4.0.0
-
cpe:2.3:a:cybozu:garoon:4.0.1
-
cpe:2.3:a:cybozu:garoon:4.0.2
-
cpe:2.3:a:cybozu:garoon:4.0.3
-
cpe:2.3:a:cybozu:garoon:4.2.0