cvelistv5 - cve-2019-5944

CVE-2019-5944 (GCVE-0-2019-5944)

Vulnerability from cvelistv5

Published

2019-05-17 15:25

Modified

2024-08-04 20:09

Severity ?

CWE

Fails to restrict access

Summary

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application 'Address' without modify privileges via the application 'Address'.

References

URL	Tags
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN58849431/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://kb.cybozu.support/article/35487/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN58849431/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kb.cybozu.support/article/35487/	Vendor Advisory

Impacted products

	Vendor	Product	Version
	Cybozu, Inc.	Cybozu Garoon	Version: 4.0.0 to 4.10.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:09:24.000Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/35487/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Garoon",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "4.0.0 to 4.10.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application \u0027Address\u0027 without modify privileges via the application \u0027Address\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Fails to restrict access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-17T15:25:55",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/35487/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2019-5944",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Garoon",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0.0 to 4.10.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application \u0027Address\u0027 without modify privileges via the application \u0027Address\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Fails to restrict access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://jvn.jp/en/jp/JVN58849431/index.html",
              "refsource": "MISC",
              "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/35487/",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/35487/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2019-5944",
    "datePublished": "2019-05-17T15:25:55",
    "dateReserved": "2019-01-10T00:00:00",
    "dateUpdated": "2024-08-04T20:09:24.000Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-5944\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2019-05-17T16:29:05.017\",\"lastModified\":\"2024-11-21T04:45:47.470\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application \u0027Address\u0027 without modify privileges via the application \u0027Address\u0027.\"},{\"lang\":\"es\",\"value\":\"Cybozu Garoon 4.0.0 a 4.10.1 permite a los atacantes autenticados remotos omitir el Access Restriction, alterar el contenido de la aplicaci\u00f3n \u0027Address\u00a8sin modificar los privilegios por medio de la aplicaci\u00f3n \u0027Address\u0027.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndIncluding\":\"4.10.1\",\"matchCriteriaId\":\"61297B3F-396E-42C4-BEC1-041207A7EBC2\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN58849431/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kb.cybozu.support/article/35487/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://jvn.jp/en/jp/JVN58849431/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kb.cybozu.support/article/35487/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

fkie_cve-2019-5944

Vulnerability from fkie_nvd

Published

2019-05-17 16:29

Modified

2024-11-21 04:45

Severity ?

4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application 'Address' without modify privileges via the application 'Address'.

References

URL	Tags
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN58849431/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://kb.cybozu.support/article/35487/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN58849431/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kb.cybozu.support/article/35487/	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cybozu	garoon	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61297B3F-396E-42C4-BEC1-041207A7EBC2",
              "versionEndIncluding": "4.10.1",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application \u0027Address\u0027 without modify privileges via the application \u0027Address\u0027."
    },
    {
      "lang": "es",
      "value": "Cybozu Garoon 4.0.0 a 4.10.1 permite a los atacantes autenticados remotos omitir el Access Restriction, alterar el contenido de la aplicaci\u00f3n \u0027Address\u00a8sin modificar los privilegios por medio de la aplicaci\u00f3n \u0027Address\u0027."
    }
  ],
  "id": "CVE-2019-5944",
  "lastModified": "2024-11-21T04:45:47.470",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-17T16:29:05.017",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.cybozu.support/article/35487/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.cybozu.support/article/35487/"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-m62c-f2fc-wc23

Vulnerability from github

Published

2022-05-24 16:46

Modified

2022-05-24 16:46

Details

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application 'Address' without modify privileges via the application 'Address'.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-5944"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-17T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application \u0027Address\u0027 without modify privileges via the application \u0027Address\u0027.",
  "id": "GHSA-m62c-f2fc-wc23",
  "modified": "2022-05-24T16:46:04Z",
  "published": "2022-05-24T16:46:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5944"
    },
    {
      "type": "WEB",
      "url": "https://kb.cybozu.support/article/35487"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cnvd-2019-12708

Vulnerability from cnvd

Title: Cybozu Garoon权限访问控制问题漏洞

Description:

Cybozu Garoon是日本才望子（Cybozu）公司的一套门户型OA办公系统。该系统提供门户、E-mail、书签、日程安排、公告栏、文件管理等功能。

Cybozu Garoon 4.0.0版本至4.10.1版本中存在权限访问控制问题漏洞。该漏洞源于网络系统或产品缺乏有效的权限许可和访问控制措施。攻击者可以登录到产品的用户可以更改应用程序“地址”的内容，而无需修改权限。

Severity: 中

Patch Name: Cybozu Garoon权限访问控制问题漏洞的补丁

Patch Description:

Cybozu Garoon是日本才望子（Cybozu）公司的一套门户型OA办公系统。该系统提供门户、E-mail、书签、日程安排、公告栏、文件管理等功能。

Cybozu Garoon 4.0.0版本至4.10.1版本中存在权限访问控制问题漏洞。该漏洞源于网络系统或产品缺乏有效的权限许可和访问控制措施。攻击者可以登录到产品的用户可以更改应用程序“地址”的内容，而无需修改权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://kb.cybozu.support/article/35487/

Reference: https://jvn.jp/en/jp/JVN58849431/

Impacted products

Name
Cybozu Garoon >=4.0.0，<=4.10.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-5944"
    }
  },
  "description": "Cybozu Garoon\u662f\u65e5\u672c\u624d\u671b\u5b50\uff08Cybozu\uff09\u516c\u53f8\u7684\u4e00\u5957\u95e8\u6237\u578bOA\u529e\u516c\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u63d0\u4f9b\u95e8\u6237\u3001E-mail\u3001\u4e66\u7b7e\u3001\u65e5\u7a0b\u5b89\u6392\u3001\u516c\u544a\u680f\u3001\u6587\u4ef6\u7ba1\u7406\u7b49\u529f\u80fd\u3002\n\nCybozu Garoon 4.0.0\u7248\u672c\u81f34.10.1\u7248\u672c\u4e2d\u5b58\u5728\u6743\u9650\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u7f3a\u4e4f\u6709\u6548\u7684\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u63aa\u65bd\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u767b\u5f55\u5230\u4ea7\u54c1\u7684\u7528\u6237\u53ef\u4ee5\u66f4\u6539\u5e94\u7528\u7a0b\u5e8f\u201c\u5730\u5740\u201d\u7684\u5185\u5bb9\uff0c\u800c\u65e0\u9700\u4fee\u6539\u6743\u9650\u3002",
  "discovererName": "Tanghaifeng",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://kb.cybozu.support/article/35487/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-12708",
  "openTime": "2019-04-28",
  "patchDescription": "Cybozu Garoon\u662f\u65e5\u672c\u624d\u671b\u5b50\uff08Cybozu\uff09\u516c\u53f8\u7684\u4e00\u5957\u95e8\u6237\u578bOA\u529e\u516c\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u63d0\u4f9b\u95e8\u6237\u3001E-mail\u3001\u4e66\u7b7e\u3001\u65e5\u7a0b\u5b89\u6392\u3001\u516c\u544a\u680f\u3001\u6587\u4ef6\u7ba1\u7406\u7b49\u529f\u80fd\u3002\r\n\r\nCybozu Garoon 4.0.0\u7248\u672c\u81f34.10.1\u7248\u672c\u4e2d\u5b58\u5728\u6743\u9650\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u7f3a\u4e4f\u6709\u6548\u7684\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u63aa\u65bd\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u767b\u5f55\u5230\u4ea7\u54c1\u7684\u7528\u6237\u53ef\u4ee5\u66f4\u6539\u5e94\u7528\u7a0b\u5e8f\u201c\u5730\u5740\u201d\u7684\u5185\u5bb9\uff0c\u800c\u65e0\u9700\u4fee\u6539\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cybozu Garoon\u6743\u9650\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cybozu Garoon \u003e=4.0.0\uff0c\u003c=4.10.1"
  },
  "referenceLink": "https://jvn.jp/en/jp/JVN58849431/",
  "serverity": "\u4e2d",
  "submitTime": "2019-04-21",
  "title": "Cybozu Garoon\u6743\u9650\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e"
}

cve-2019-5944

Vulnerability from jvndb

Published

2019-04-25 17:13

Modified

2023-11-08 16:39

Severity ?

6.0 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

Summary

Multiple vulnerabilities in Cybozu Garoon

Details

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. * Cross-site scripting in the additional processing of Customize Item function (CWE-79) - CVE-2019-5928 * Cross-site scripting in the application "Memo" (CWE-79) - CVE-2019-5929 * Browse restriction bypass in the application "Management of Basic System" (CWE-264) - CVE-2019-5930 * Improper verification of file path in installer (CWE-20) - CVE-2019-5931 * Stored cross-site scripting in the application "Portal" (CWE-79) - CVE-2019-5932 * Browse restriction bypass in the application "Bulletin" (CWE-284) - CVE-2019-5933 * SQL injection in the Log Search function of application "logging" (CWE-89) - CVE-2019-5934 * Operation restriction bypass in the Item function of User Information (CWE-264) - CVE-2019-5935 * Directory traversal in the application "Work Flow" (CWE-22) - CVE-2019-5936 * Cross-site scripting in the user information (CWE-79) - CVE-2019-5937 * Stored cross-site scripting in the application "Mail" (CWE-79) - CVE-2019-5938 * Cross-site scripting in the application "Portal" (CWE-79) - CVE-2019-5939 * Cross-site scripting in the application "Scheduler" (CWE-79) - CVE-2019-5940 * Operation restriction bypass in the application "Multi Report" (CWE-264) - CVE-2019-5941 * Browse restriction bypass in the Multiple Files Download function of application "Cabinet" (CWE-284) - CVE-2019-5942 * Browse restriction bypass in the application "Bulletin" and the application "Cabinet" (CWE-284) - CVE-2019-5943 * Operation restriction bypass in the application "Address" (CWE-264) - CVE-2019-5944 * Information disclosure in the authentication of Cybozu Garoon (CWE-287) - CVE-2019-5945 * Open redirect in the Login Screen (CWE-601) - CVE-2019-5946 * Cross-site scripting in the application "Cabinet" (CWE-79) - CVE-2019-5947 * Server-side request forgery in the V-CUBE Meeting function (CWE-918) - CVE-2020-5562 Cybozu, Inc. reported the following vulnerabilities to JPCERT/CC to notify users of the solution through JVN. * CVE-2019-5928, CVE-2019-5930, CVE-2019-5931, CVE-2019-5932, CVE-2019-5935, CVE-2019-5936, CVE-2019-5942 and CVE-2019-5947 by Cybozu, Inc. * CVE-2019-5929, CVE-2019-5937, CVE-2019-5938, CVE-2019-5939 and CVE-2019-5940 by Masato Kinugawa * CVE-2019-5933, CVE-2019-5941 and CVE-2019-5946 by Yuji Tounai * CVE-2019-5934 and CVE-2019-5945 by Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. * CVE-2019-5943 by ixama * CVE-2019-5944 by Tanghaifeng * CVE-2020-5562 by Kanta Nishitani

References

▼	Type	URL
	JVN	https://jvn.jp/en/jp/JVN58849431/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2020-5562
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5928
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5929
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5930
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5931
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5932
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5933
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5934
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5935
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5936
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5937
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5938
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5939
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5940
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5941
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5942
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5943
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5944
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5945
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5946
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5947
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5928
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5929
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5930
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5931
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5932
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5933
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5934
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5935
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5936
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5937
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5938
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5939
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5940
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5941
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5942
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5943
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5944
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5945
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5946
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5947
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-5562
	Improper Input Validation(CWE-20)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Information Exposure(CWE-200)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Path Traversal(CWE-22)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	SQL Injection(CWE-89)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000023.html",
  "dc:date": "2023-11-08T16:39+09:00",
  "dcterms:issued": "2019-04-25T17:13+09:00",
  "dcterms:modified": "2023-11-08T16:39+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. \r\n\r\n* Cross-site scripting in the additional processing of Customize Item function (CWE-79) - CVE-2019-5928\r\n* Cross-site scripting in the application \"Memo\" (CWE-79) - CVE-2019-5929\r\n* Browse restriction bypass in the application \"Management of Basic System\" (CWE-264) - CVE-2019-5930\r\n* Improper verification of file path in installer (CWE-20) - CVE-2019-5931\r\n* Stored cross-site scripting in the application \"Portal\" (CWE-79) - CVE-2019-5932\r\n* Browse restriction bypass in the application \"Bulletin\" (CWE-284) - CVE-2019-5933\r\n* SQL injection in the Log Search function of application \"logging\" (CWE-89) - CVE-2019-5934\r\n* Operation restriction bypass in the Item function of User Information (CWE-264) - CVE-2019-5935\r\n* Directory traversal in the application \"Work Flow\" (CWE-22) - CVE-2019-5936\r\n* Cross-site scripting in the user information (CWE-79) - CVE-2019-5937\r\n* Stored cross-site scripting in the application \"Mail\" (CWE-79) - CVE-2019-5938\r\n* Cross-site scripting in the application \"Portal\" (CWE-79) - CVE-2019-5939\r\n* Cross-site scripting in the application \"Scheduler\" (CWE-79) - CVE-2019-5940\r\n* Operation restriction bypass in the application \"Multi Report\" (CWE-264) - CVE-2019-5941\r\n* Browse restriction bypass in the Multiple Files Download function of application \"Cabinet\" (CWE-284) - CVE-2019-5942\r\n* Browse restriction bypass in the application \"Bulletin\" and the application \"Cabinet\" (CWE-284) - CVE-2019-5943\r\n* Operation restriction bypass in the application \"Address\" (CWE-264) - CVE-2019-5944\r\n* Information disclosure in the authentication of Cybozu Garoon (CWE-287) - CVE-2019-5945\r\n* Open redirect in the Login Screen (CWE-601) - CVE-2019-5946\r\n* Cross-site scripting in the application \"Cabinet\" (CWE-79) - CVE-2019-5947\r\n* Server-side request forgery in the V-CUBE Meeting function (CWE-918) - CVE-2020-5562\r\n\r\nCybozu, Inc. reported the following vulnerabilities to JPCERT/CC to notify users of the solution through JVN.\r\n\r\n* CVE-2019-5928, CVE-2019-5930, CVE-2019-5931, CVE-2019-5932, CVE-2019-5935, CVE-2019-5936, CVE-2019-5942 and CVE-2019-5947 by Cybozu, Inc.\r\n* CVE-2019-5929, CVE-2019-5937, CVE-2019-5938, CVE-2019-5939 and CVE-2019-5940 by Masato Kinugawa\r\n* CVE-2019-5933, CVE-2019-5941 and CVE-2019-5946 by Yuji Tounai\r\n* CVE-2019-5934 and CVE-2019-5945 by Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.\r\n* CVE-2019-5943 by ixama\r\n* CVE-2019-5944 by Tanghaifeng\r\n* CVE-2020-5562 by Kanta Nishitani",
  "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000023.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "6.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "6.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2019-000023",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN58849431/index.html",
      "@id": "JVN#58849431",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2020-5562",
      "@id": "CVE-2020-5562",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5928",
      "@id": "CVE-2019-5928",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5929",
      "@id": "CVE-2019-5929",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5930",
      "@id": "CVE-2019-5930",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5931",
      "@id": "CVE-2019-5931",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5932",
      "@id": "CVE-2019-5932",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5933",
      "@id": "CVE-2019-5933",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5934",
      "@id": "CVE-2019-5934",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5935",
      "@id": "CVE-2019-5935",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5936",
      "@id": "CVE-2019-5936",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5937",
      "@id": "CVE-2019-5937",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5938",
      "@id": "CVE-2019-5938",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5939",
      "@id": "CVE-2019-5939",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5940",
      "@id": "CVE-2019-5940",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5941",
      "@id": "CVE-2019-5941",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5942",
      "@id": "CVE-2019-5942",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5943",
      "@id": "CVE-2019-5943",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5944",
      "@id": "CVE-2019-5944",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5945",
      "@id": "CVE-2019-5945",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5946",
      "@id": "CVE-2019-5946",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5947",
      "@id": "CVE-2019-5947",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5928",
      "@id": "CVE-2019-5928",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5929",
      "@id": "CVE-2019-5929",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5930",
      "@id": "CVE-2019-5930",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5931",
      "@id": "CVE-2019-5931",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5932",
      "@id": "CVE-2019-5932",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5933",
      "@id": "CVE-2019-5933",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5934",
      "@id": "CVE-2019-5934",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5935",
      "@id": "CVE-2019-5935",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5936",
      "@id": "CVE-2019-5936",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5937",
      "@id": "CVE-2019-5937",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5938",
      "@id": "CVE-2019-5938",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5939",
      "@id": "CVE-2019-5939",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5940",
      "@id": "CVE-2019-5940",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5941",
      "@id": "CVE-2019-5941",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5942",
      "@id": "CVE-2019-5942",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5943",
      "@id": "CVE-2019-5943",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5944",
      "@id": "CVE-2019-5944",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5945",
      "@id": "CVE-2019-5945",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5946",
      "@id": "CVE-2019-5946",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5947",
      "@id": "CVE-2019-5947",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5562",
      "@id": "CVE-2020-5562",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-89",
      "@title": "SQL Injection(CWE-89)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in Cybozu Garoon"
}

gsd-2019-5944

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application 'Address' without modify privileges via the application 'Address'.

Aliases

CVE-2019-5944

Aliases

CVE-2019-5944

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-5944",
    "description": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application \u0027Address\u0027 without modify privileges via the application \u0027Address\u0027.",
    "id": "GSD-2019-5944"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-5944"
      ],
      "details": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application \u0027Address\u0027 without modify privileges via the application \u0027Address\u0027.",
      "id": "GSD-2019-5944",
      "modified": "2023-12-13T01:23:55.293857Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2019-5944",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cybozu Garoon",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "4.0.0 to 4.10.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cybozu, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application \u0027Address\u0027 without modify privileges via the application \u0027Address\u0027."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Fails to restrict access"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://jvn.jp/en/jp/JVN58849431/index.html",
            "refsource": "MISC",
            "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
          },
          {
            "name": "https://kb.cybozu.support/article/35487/",
            "refsource": "MISC",
            "url": "https://kb.cybozu.support/article/35487/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.10.1",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2019-5944"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application \u0027Address\u0027 without modify privileges via the application \u0027Address\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.cybozu.support/article/35487/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kb.cybozu.support/article/35487/"
            },
            {
              "name": "http://jvn.jp/en/jp/JVN58849431/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-05-17T16:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-5944 (GCVE-0-2019-5944)

Vulnerability from cvelistv5

fkie_cve-2019-5944

Vulnerability from fkie_nvd

ghsa-m62c-f2fc-wc23

Vulnerability from github

cnvd-2019-12708

Vulnerability from cnvd

cve-2019-5944

Vulnerability from jvndb

gsd-2019-5944

Vulnerability from gsd

Tags

Sightings

Nomenclature