SB2019042901 - Multiple vulnerabilities in Cybozu Garoon
Published: April 29, 2019 Updated: April 28, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 21 secuirty vulnerabilities.
1) Cross-site scripting (CVE-ID: CVE-2019-5928)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in Customize Item function. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
2) Input validation error (CVE-ID: CVE-2019-5931)
The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local privileged user can tamper with data via improper verification of file path in installer.
3) Cross-site scripting (CVE-ID: CVE-2019-5932)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in "Portal" application. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
4) Improper access control (CVE-ID: CVE-2019-5933)
The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions in the application "Bulletin". A remote authenticate attacker may cause damage to data acquisition related to a bulletin board.
5) SQL injection (CVE-ID: CVE-2019-5934)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Log Search function of application "logging". A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-5935)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to operation restriction bypass in the Item function of User Information . A remote attacker can cause damage to data about user information.
7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-5944)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to operation restriction bypass in the application "Address". A remote attacker can cause damage to data in the address book.
8) Improper Authentication (CVE-ID: CVE-2019-5945)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to improper authentication. A remote attacker can cause information disclosure for authentication, bypass authentication process and gain unauthorized access to the application.
9) Open redirect (CVE-ID: CVE-2019-5946)
The vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists in the Login Screen due to improper sanitization of user-supplied data. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
10) Cross-site scripting (CVE-ID: CVE-2019-5947)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "Cabinet" application. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
11) Cross-site scripting (CVE-ID: CVE-2019-5929)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in "Memo" application. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
12) Improper access control (CVE-ID: CVE-2019-5930)
The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions in the application "Management of Basic System". A remote authenticate attacker can access otherwise restricted functionality.
13) Path traversal (CVE-ID: CVE-2019-5936)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in "Work Flow" application. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
14) Cross-site scripting (CVE-ID: CVE-2019-5937)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the user information. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
15) Cross-site scripting (CVE-ID: CVE-2019-5938)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "Mail" application. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
16) Cross-site scripting (CVE-ID: CVE-2019-5939)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "Portal" application. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
17) Cross-site scripting (CVE-ID: CVE-2019-5940)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "Scheduler" application. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
18) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-5941)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due Operation restriction bypass in the application "Multi Report". A remote authenticate attacker can cause file management data acquisition damage.
19) Improper access control (CVE-ID: CVE-2019-5942)
The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions in the Multiple Files Download function of application "Cabinet". A remote authenticate attacker can access otherwise restricted functionality.
20) Improper access control (CVE-ID: CVE-2019-5943)
The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions in the application "Bulletin" and the application "Cabinet". A remote authenticate attacker may cause damage to bulletin board and file management data acquisition.
21) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2020-5562)
The disclosed vulnerability allows a remote user to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input in the V-CUBE Meeting function. A remote administrator can send a specially crafted HTTP request to other web servers and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
Remediation
Install update from vendor's website.