Refine your search
4 vulnerabilities found for GroupSession by Japan Total System Co.,Ltd.
jvndb-2021-000111
Vulnerability from jvndb
Published
2021-12-20 14:53
Modified
2021-12-21 14:20
Severity ?
Summary
Multiple vulnerabilities in GroupSession
Details
GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below.
*Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2021-20874
*Open redirect (CWE-601) - CVE-2021-20875
*Path Traversal (CWE-22) - CVE-2021-20876
CVE-2021-20874
TAKUMA SHIGA reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20875, CVE-2021-20876
Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
|
|
||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000111.html",
"dc:date": "2021-12-21T14:20+09:00",
"dcterms:issued": "2021-12-20T14:53+09:00",
"dcterms:modified": "2021-12-21T14:20+09:00",
"description": "GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below.\r\n\r\n*Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2021-20874\r\n*Open redirect (CWE-601) - CVE-2021-20875\r\n*Path Traversal (CWE-22) - CVE-2021-20876\r\n\r\nCVE-2021-20874\r\nTAKUMA SHIGA reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20875, CVE-2021-20876\r\nTsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000111.html",
"sec:cpe": {
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000111",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN79798166/index.html",
"@id": "JVN#79798166",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2021-20874",
"@id": "CVE-2021-20874",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2021-20875",
"@id": "CVE-2021-20875",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2021-20876",
"@id": "CVE-2021-20876",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20874",
"@id": "CVE-2021-20874",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20875",
"@id": "CVE-2021-20875",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20876",
"@id": "CVE-2021-20876",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in GroupSession"
}
jvndb-2021-000070
Vulnerability from jvndb
Published
2021-07-19 15:41
Modified
2023-03-08 17:02
Severity ?
Summary
Multiple vulnerabilities in GroupSession
Details
GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below.
*Cross-site scripting vulnerability (CWE-79) - CVE-2021-20785
*Cross-site request forgery (CWE-352) - CVE-2021-20786
*Cross-site scripting vulnerability (CWE-79) - CVE-2021-20787
*Sever-side request forgery (CWE-918) - CVE-2021-20788
*Open redirect (CWE-601) - CVE-2021-20789
CVE-2021-20785, CVE-2021-20786
ASAI Ken reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20787, CVE-2021-20788, CVE-2021-20789
Ryo Sato of BroadBand Security,Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000070.html",
"dc:date": "2023-03-08T17:02+09:00",
"dcterms:issued": "2021-07-19T15:41+09:00",
"dcterms:modified": "2023-03-08T17:02+09:00",
"description": "GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below.\r\n*Cross-site scripting vulnerability (CWE-79) - CVE-2021-20785\r\n*Cross-site request forgery (CWE-352) - CVE-2021-20786\r\n*Cross-site scripting vulnerability (CWE-79) - CVE-2021-20787\r\n*Sever-side request forgery (CWE-918) - CVE-2021-20788\r\n*Open redirect (CWE-601) - CVE-2021-20789\r\n\r\nCVE-2021-20785, CVE-2021-20786\r\nASAI Ken reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20787, CVE-2021-20788, CVE-2021-20789\r\nRyo Sato of BroadBand Security,Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000070.html",
"sec:cpe": [
{
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000070",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN86026700/index.html",
"@id": "JVN#86026700",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20785",
"@id": "CVE-2021-20785",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20786",
"@id": "CVE-2021-20786",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20787",
"@id": "CVE-2021-20787",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20788",
"@id": "CVE-2021-20788",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20789",
"@id": "CVE-2021-20789",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20785",
"@id": "CVE-2021-20785",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20786",
"@id": "CVE-2021-20786",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20787",
"@id": "CVE-2021-20787",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20788",
"@id": "CVE-2021-20788",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20789",
"@id": "CVE-2021-20789",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in GroupSession"
}
jvndb-2018-000003
Vulnerability from jvndb
Published
2018-01-19 14:19
Modified
2018-04-11 11:37
Severity ?
Summary
GroupSession vulnerable to open redirect
Details
GroupSession provided by Japan Total System Co.,Ltd. is an open source groupware. GroupSession contains an open redirect vulnerability (CWE-601).
Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000003.html",
"dc:date": "2018-04-11T11:37+09:00",
"dcterms:issued": "2018-01-19T14:19+09:00",
"dcterms:modified": "2018-04-11T11:37+09:00",
"description": "GroupSession provided by Japan Total System Co.,Ltd. is an open source groupware. GroupSession contains an open redirect vulnerability (CWE-601).\r\n\r\nNorihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000003.html",
"sec:cpe": {
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000003",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN26200083/index.html",
"@id": "JVN#26200083",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2166",
"@id": "CVE-2017-2166",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2166",
"@id": "CVE-2017-2166",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "GroupSession vulnerable to open redirect"
}
jvndb-2017-000089
Vulnerability from jvndb
Published
2017-05-25 14:14
Modified
2018-01-24 11:59
Severity ?
Summary
GroupSession fails to restrict access permissions
Details
GroupSession provided by Japan Total System Co.,Ltd. is open source groupware. GroupSession fails to restrict access permissions.
Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000089.html",
"dc:date": "2018-01-24T11:59+09:00",
"dcterms:issued": "2017-05-25T14:14+09:00",
"dcterms:modified": "2018-01-24T11:59+09:00",
"description": "GroupSession provided by Japan Total System Co.,Ltd. is open source groupware. GroupSession fails to restrict access permissions.\r\n\r\nNorihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000089.html",
"sec:cpe": {
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000089",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN42164352/index.html",
"@id": "JVN#42164352",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2165",
"@id": "CVE-2017-2165",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2165",
"@id": "CVE-2017-2165",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "GroupSession fails to restrict access permissions"
}