CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-2145
https://notcve.org/view.php?id=CVE-2017-2145
Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors. Una vulnerabilidad de fijación de sesión en Cybozu Garoon desde las versiones 4.0.0 hasta las 4.2.4 permite que atacantes remotos realicen operaciones arbitrarias mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN43534286/index.html https://support.cybozu.com/ja-jp/article/9695 • CWE-384: Session Fixation •
CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 0CVE-2017-2094
https://notcve.org/view.php?id=CVE-2017-2094
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors. Cybozu Garoon 3.0.0 hasta 4.2.3 permite a un atacante remoto autenticado sortear la restricción de acceso en Workflow y la función "MultiRepor" para alterar o borrar información a través de vectores no especificados. • http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429 https://support.cybozu.com/ja-jp/article/9655 • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 0CVE-2017-2091
https://notcve.org/view.php?id=CVE-2017-2091
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors. Cybozu Garoon 3.0.0 hasta 4.2.3 permiten a un atacante remoto autenticado sortear la restricción de acceso en la función Phone Messages para alterar el estado de los mensajes del teléfono a través de vectores no especificados. • http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429 https://support.cybozu.com/ja-jp/article/9570 •
CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 0CVE-2017-2093
https://notcve.org/view.php?id=CVE-2017-2093
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors. Cybozu Garoon 3.0.0 hasta 4.2.3 permite a un atacante remoto obtener tokens utilizados por la protección CSRF a través de vectores no especificados. • http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429 https://support.cybozu.com/ja-jp/article/9647 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 28EXPL: 0CVE-2017-2092
https://notcve.org/view.php?id=CVE-2017-2092
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting en Cybozu Garoon 3.0.0 hasta 4.2.3 permite a un atacante remoto autenticado inyectar script web o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429 https://support.cybozu.com/ja-jp/article/9555 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •