Vulnerability-Lookup

CVE-2019-5942 (GCVE-0-2019-5942)

Vulnerability from cvelistv5 – Published: 2019-05-17 15:25 – Updated: 2024-08-04 20:09

Summary

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'.

Severity

4.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

Fails to restrict access

Assigner

jpcert

References

2 references

URL	Tags
http://jvn.jp/en/jp/JVN58849431/index.html	x_refsource_MISC
https://kb.cybozu.support/article/35485/	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Cybozu, Inc.	Cybozu Garoon	Affected: 4.0.0 to 4.10.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:09:23.980Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/35485/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Garoon",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "4.0.0 to 4.10.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application \u0027Cabinet\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Fails to restrict access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-17T15:25:55.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/35485/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2019-5942",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Garoon",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0.0 to 4.10.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application \u0027Cabinet\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Fails to restrict access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://jvn.jp/en/jp/JVN58849431/index.html",
              "refsource": "MISC",
              "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/35485/",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/35485/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2019-5942",
    "datePublished": "2019-05-17T15:25:55.000Z",
    "dateReserved": "2019-01-10T00:00:00.000Z",
    "dateUpdated": "2024-08-04T20:09:23.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-5942",
      "date": "2026-06-10",
      "epss": "0.00153",
      "percentile": "0.35769"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-5942\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2019-05-17T16:29:04.847\",\"lastModified\":\"2024-11-21T04:45:47.260\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application \u0027Cabinet\u0027.\"},{\"lang\":\"es\",\"value\":\"Cybozu Garoon 4.0.0 a 4.10.1 permite a los atacantes remotos autenticados eludir  el Access Restriction para obtener archivos sin privilegios de acceso por medio de la funci\u00f3n Multiple Files Download de la aplicaci\u00f3n \u0027Cabinet\u0027.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndIncluding\":\"4.10.1\",\"matchCriteriaId\":\"61297B3F-396E-42C4-BEC1-041207A7EBC2\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN58849431/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kb.cybozu.support/article/35485/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://jvn.jp/en/jp/JVN58849431/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kb.cybozu.support/article/35485/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2019-12696

Vulnerability from cnvd - Published: 2019-04-28

Title

Cybozu Garoon访问控制错误漏洞（CNVD-2019-12696）

Description

Cybozu Garoon是日本才望子（Cybozu）公司的一套门户型OA办公系统。该系统提供门户、E-mail、书签、日程安排、公告栏、文件管理等功能。 Cybozu Garoon 4.0.0版本至4.10.1版本中存在访问控制错误漏洞。该漏洞源于网络系统或产品未正确限制来自未授权角色的资源访问。攻击者可利用漏洞登录到产品的用户可以在没有查看权限的情况下查看信息。

Severity

中

Patch Name

Cybozu Garoon访问控制错误漏洞（CNVD-2019-12696）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://kb.cybozu.support/article/35485/

Reference

https://jvn.jp/en/jp/JVN58849431/

Impacted products

Name
Cybozu Garoon >=4.0.0，<=4.10.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-5942"
    }
  },
  "description": "Cybozu Garoon\u662f\u65e5\u672c\u624d\u671b\u5b50\uff08Cybozu\uff09\u516c\u53f8\u7684\u4e00\u5957\u95e8\u6237\u578bOA\u529e\u516c\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u63d0\u4f9b\u95e8\u6237\u3001E-mail\u3001\u4e66\u7b7e\u3001\u65e5\u7a0b\u5b89\u6392\u3001\u516c\u544a\u680f\u3001\u6587\u4ef6\u7ba1\u7406\u7b49\u529f\u80fd\u3002\n\nCybozu Garoon 4.0.0\u7248\u672c\u81f34.10.1\u7248\u672c\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u9650\u5236\u6765\u81ea\u672a\u6388\u6743\u89d2\u8272\u7684\u8d44\u6e90\u8bbf\u95ee\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u767b\u5f55\u5230\u4ea7\u54c1\u7684\u7528\u6237\u53ef\u4ee5\u5728\u6ca1\u6709\u67e5\u770b\u6743\u9650\u7684\u60c5\u51b5\u4e0b\u67e5\u770b\u4fe1\u606f\u3002",
  "discovererName": "Cybozu",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://kb.cybozu.support/article/35485/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-12696",
  "openTime": "2019-04-28",
  "patchDescription": "Cybozu Garoon\u662f\u65e5\u672c\u624d\u671b\u5b50\uff08Cybozu\uff09\u516c\u53f8\u7684\u4e00\u5957\u95e8\u6237\u578bOA\u529e\u516c\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u63d0\u4f9b\u95e8\u6237\u3001E-mail\u3001\u4e66\u7b7e\u3001\u65e5\u7a0b\u5b89\u6392\u3001\u516c\u544a\u680f\u3001\u6587\u4ef6\u7ba1\u7406\u7b49\u529f\u80fd\u3002\r\n\r\nCybozu Garoon 4.0.0\u7248\u672c\u81f34.10.1\u7248\u672c\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u9650\u5236\u6765\u81ea\u672a\u6388\u6743\u89d2\u8272\u7684\u8d44\u6e90\u8bbf\u95ee\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u767b\u5f55\u5230\u4ea7\u54c1\u7684\u7528\u6237\u53ef\u4ee5\u5728\u6ca1\u6709\u67e5\u770b\u6743\u9650\u7684\u60c5\u51b5\u4e0b\u67e5\u770b\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cybozu Garoon\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2019-12696\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Cybozu Garoon \u003e=4.0.0\uff0c\u003c=4.10.1"
  },
  "referenceLink": "https://jvn.jp/en/jp/JVN58849431/",
  "serverity": "\u4e2d",
  "submitTime": "2019-04-28",
  "title": "Cybozu Garoon\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2019-12696\uff09"
}

FKIE_CVE-2019-5942

Vulnerability from fkie_nvd - Published: 2019-05-17 16:29 - Updated: 2024-11-21 04:45

Severity

4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN58849431/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://kb.cybozu.support/article/35485/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN58849431/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kb.cybozu.support/article/35485/	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cybozu	garoon	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61297B3F-396E-42C4-BEC1-041207A7EBC2",
              "versionEndIncluding": "4.10.1",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application \u0027Cabinet\u0027."
    },
    {
      "lang": "es",
      "value": "Cybozu Garoon 4.0.0 a 4.10.1 permite a los atacantes remotos autenticados eludir  el Access Restriction para obtener archivos sin privilegios de acceso por medio de la funci\u00f3n Multiple Files Download de la aplicaci\u00f3n \u0027Cabinet\u0027."
    }
  ],
  "id": "CVE-2019-5942",
  "lastModified": "2024-11-21T04:45:47.260",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-17T16:29:04.847",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.cybozu.support/article/35485/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.cybozu.support/article/35485/"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-J88R-3C3Q-H5JH

Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2022-05-24 16:46

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-5942"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-17T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application \u0027Cabinet\u0027.",
  "id": "GHSA-j88r-3c3q-h5jh",
  "modified": "2022-05-24T16:46:04Z",
  "published": "2022-05-24T16:46:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5942"
    },
    {
      "type": "WEB",
      "url": "https://kb.cybozu.support/article/35485"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2019-5942

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-5942

Aliases

CVE-2019-5942

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-5942",
    "description": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application \u0027Cabinet\u0027.",
    "id": "GSD-2019-5942"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-5942"
      ],
      "details": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application \u0027Cabinet\u0027.",
      "id": "GSD-2019-5942",
      "modified": "2023-12-13T01:23:54.839005Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2019-5942",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cybozu Garoon",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "4.0.0 to 4.10.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cybozu, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application \u0027Cabinet\u0027."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Fails to restrict access"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://jvn.jp/en/jp/JVN58849431/index.html",
            "refsource": "MISC",
            "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
          },
          {
            "name": "https://kb.cybozu.support/article/35485/",
            "refsource": "MISC",
            "url": "https://kb.cybozu.support/article/35485/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.10.1",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2019-5942"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application \u0027Cabinet\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.cybozu.support/article/35485/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kb.cybozu.support/article/35485/"
            },
            {
              "name": "http://jvn.jp/en/jp/JVN58849431/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-05-17T16:29Z"
    }
  }
}

JVNDB-2019-000023

Vulnerability from jvndb - Published: 2019-04-25 17:13 - Updated:2023-11-08 16:39

Severity

6.0 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

Summary

Multiple vulnerabilities in Cybozu Garoon

Details

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. * Cross-site scripting in the additional processing of Customize Item function (CWE-79) - CVE-2019-5928 * Cross-site scripting in the application "Memo" (CWE-79) - CVE-2019-5929 * Browse restriction bypass in the application "Management of Basic System" (CWE-264) - CVE-2019-5930 * Improper verification of file path in installer (CWE-20) - CVE-2019-5931 * Stored cross-site scripting in the application "Portal" (CWE-79) - CVE-2019-5932 * Browse restriction bypass in the application "Bulletin" (CWE-284) - CVE-2019-5933 * SQL injection in the Log Search function of application "logging" (CWE-89) - CVE-2019-5934 * Operation restriction bypass in the Item function of User Information (CWE-264) - CVE-2019-5935 * Directory traversal in the application "Work Flow" (CWE-22) - CVE-2019-5936 * Cross-site scripting in the user information (CWE-79) - CVE-2019-5937 * Stored cross-site scripting in the application "Mail" (CWE-79) - CVE-2019-5938 * Cross-site scripting in the application "Portal" (CWE-79) - CVE-2019-5939 * Cross-site scripting in the application "Scheduler" (CWE-79) - CVE-2019-5940 * Operation restriction bypass in the application "Multi Report" (CWE-264) - CVE-2019-5941 * Browse restriction bypass in the Multiple Files Download function of application "Cabinet" (CWE-284) - CVE-2019-5942 * Browse restriction bypass in the application "Bulletin" and the application "Cabinet" (CWE-284) - CVE-2019-5943 * Operation restriction bypass in the application "Address" (CWE-264) - CVE-2019-5944 * Information disclosure in the authentication of Cybozu Garoon (CWE-287) - CVE-2019-5945 * Open redirect in the Login Screen (CWE-601) - CVE-2019-5946 * Cross-site scripting in the application "Cabinet" (CWE-79) - CVE-2019-5947 * Server-side request forgery in the V-CUBE Meeting function (CWE-918) - CVE-2020-5562 Cybozu, Inc. reported the following vulnerabilities to JPCERT/CC to notify users of the solution through JVN. * CVE-2019-5928, CVE-2019-5930, CVE-2019-5931, CVE-2019-5932, CVE-2019-5935, CVE-2019-5936, CVE-2019-5942 and CVE-2019-5947 by Cybozu, Inc. * CVE-2019-5929, CVE-2019-5937, CVE-2019-5938, CVE-2019-5939 and CVE-2019-5940 by Masato Kinugawa * CVE-2019-5933, CVE-2019-5941 and CVE-2019-5946 by Yuji Tounai * CVE-2019-5934 and CVE-2019-5945 by Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. * CVE-2019-5943 by ixama * CVE-2019-5944 by Tanghaifeng * CVE-2020-5562 by Kanta Nishitani

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN58849431/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2020-5562
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5928
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5929
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5930
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5931
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5932
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5933
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5934
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5935
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5936
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5937
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5938
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5939
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5940
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5941
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5942
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5943
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5944
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5945
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5946
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5947
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5928
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5929
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5930
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5931
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5932
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5933
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5934
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5935
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5936
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5937
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5938
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5939
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5940
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5941
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5942
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5943
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5944
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5945
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5946
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5947
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-5562
	Improper Input Validation(CWE-20)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Information Exposure(CWE-200)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Path Traversal(CWE-22)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	SQL Injection(CWE-89)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000023.html",
  "dc:date": "2023-11-08T16:39+09:00",
  "dcterms:issued": "2019-04-25T17:13+09:00",
  "dcterms:modified": "2023-11-08T16:39+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. \r\n\r\n* Cross-site scripting in the additional processing of Customize Item function (CWE-79) - CVE-2019-5928\r\n* Cross-site scripting in the application \"Memo\" (CWE-79) - CVE-2019-5929\r\n* Browse restriction bypass in the application \"Management of Basic System\" (CWE-264) - CVE-2019-5930\r\n* Improper verification of file path in installer (CWE-20) - CVE-2019-5931\r\n* Stored cross-site scripting in the application \"Portal\" (CWE-79) - CVE-2019-5932\r\n* Browse restriction bypass in the application \"Bulletin\" (CWE-284) - CVE-2019-5933\r\n* SQL injection in the Log Search function of application \"logging\" (CWE-89) - CVE-2019-5934\r\n* Operation restriction bypass in the Item function of User Information (CWE-264) - CVE-2019-5935\r\n* Directory traversal in the application \"Work Flow\" (CWE-22) - CVE-2019-5936\r\n* Cross-site scripting in the user information (CWE-79) - CVE-2019-5937\r\n* Stored cross-site scripting in the application \"Mail\" (CWE-79) - CVE-2019-5938\r\n* Cross-site scripting in the application \"Portal\" (CWE-79) - CVE-2019-5939\r\n* Cross-site scripting in the application \"Scheduler\" (CWE-79) - CVE-2019-5940\r\n* Operation restriction bypass in the application \"Multi Report\" (CWE-264) - CVE-2019-5941\r\n* Browse restriction bypass in the Multiple Files Download function of application \"Cabinet\" (CWE-284) - CVE-2019-5942\r\n* Browse restriction bypass in the application \"Bulletin\" and the application \"Cabinet\" (CWE-284) - CVE-2019-5943\r\n* Operation restriction bypass in the application \"Address\" (CWE-264) - CVE-2019-5944\r\n* Information disclosure in the authentication of Cybozu Garoon (CWE-287) - CVE-2019-5945\r\n* Open redirect in the Login Screen (CWE-601) - CVE-2019-5946\r\n* Cross-site scripting in the application \"Cabinet\" (CWE-79) - CVE-2019-5947\r\n* Server-side request forgery in the V-CUBE Meeting function (CWE-918) - CVE-2020-5562\r\n\r\nCybozu, Inc. reported the following vulnerabilities to JPCERT/CC to notify users of the solution through JVN.\r\n\r\n* CVE-2019-5928, CVE-2019-5930, CVE-2019-5931, CVE-2019-5932, CVE-2019-5935, CVE-2019-5936, CVE-2019-5942 and CVE-2019-5947 by Cybozu, Inc.\r\n* CVE-2019-5929, CVE-2019-5937, CVE-2019-5938, CVE-2019-5939 and CVE-2019-5940 by Masato Kinugawa\r\n* CVE-2019-5933, CVE-2019-5941 and CVE-2019-5946 by Yuji Tounai\r\n* CVE-2019-5934 and CVE-2019-5945 by Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.\r\n* CVE-2019-5943 by ixama\r\n* CVE-2019-5944 by Tanghaifeng\r\n* CVE-2020-5562 by Kanta Nishitani",
  "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000023.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "6.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "6.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2019-000023",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN58849431/index.html",
      "@id": "JVN#58849431",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2020-5562",
      "@id": "CVE-2020-5562",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5928",
      "@id": "CVE-2019-5928",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5929",
      "@id": "CVE-2019-5929",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5930",
      "@id": "CVE-2019-5930",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5931",
      "@id": "CVE-2019-5931",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5932",
      "@id": "CVE-2019-5932",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5933",
      "@id": "CVE-2019-5933",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5934",
      "@id": "CVE-2019-5934",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5935",
      "@id": "CVE-2019-5935",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5936",
      "@id": "CVE-2019-5936",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5937",
      "@id": "CVE-2019-5937",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5938",
      "@id": "CVE-2019-5938",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5939",
      "@id": "CVE-2019-5939",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5940",
      "@id": "CVE-2019-5940",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5941",
      "@id": "CVE-2019-5941",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5942",
      "@id": "CVE-2019-5942",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5943",
      "@id": "CVE-2019-5943",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5944",
      "@id": "CVE-2019-5944",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5945",
      "@id": "CVE-2019-5945",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5946",
      "@id": "CVE-2019-5946",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5947",
      "@id": "CVE-2019-5947",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5928",
      "@id": "CVE-2019-5928",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5929",
      "@id": "CVE-2019-5929",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5930",
      "@id": "CVE-2019-5930",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5931",
      "@id": "CVE-2019-5931",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5932",
      "@id": "CVE-2019-5932",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5933",
      "@id": "CVE-2019-5933",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5934",
      "@id": "CVE-2019-5934",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5935",
      "@id": "CVE-2019-5935",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5936",
      "@id": "CVE-2019-5936",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5937",
      "@id": "CVE-2019-5937",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5938",
      "@id": "CVE-2019-5938",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5939",
      "@id": "CVE-2019-5939",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5940",
      "@id": "CVE-2019-5940",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5941",
      "@id": "CVE-2019-5941",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5942",
      "@id": "CVE-2019-5942",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5943",
      "@id": "CVE-2019-5943",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5944",
      "@id": "CVE-2019-5944",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5945",
      "@id": "CVE-2019-5945",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5946",
      "@id": "CVE-2019-5946",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5947",
      "@id": "CVE-2019-5947",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5562",
      "@id": "CVE-2020-5562",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-89",
      "@title": "SQL Injection(CWE-89)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in Cybozu Garoon"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-5942 (GCVE-0-2019-5942)

CNVD-2019-12696

FKIE_CVE-2019-5942

GHSA-J88R-3C3Q-H5JH

GSD-2019-5942

JVNDB-2019-000023

Tags

Sightings

Nomenclature