CVE-2014-1996

Published: Jul 20, 2014Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call.

Affected (4)

Products: Cybozu: Garoon

Cybozu

1 product

Garoon

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Cybozu Garoon	Version 3.7.0
Cybozu Garoon	Version 3.7 sp1
Cybozu Garoon	Version 3.7 sp2
Cybozu Garoon	Version 3.7 sp3

Related CWEs

CWE-264

References (6)

http://cs.cybozu.co.jp/information/gr20140714up01.php

Source: vultures@jpcert.or.jp

Vendor Advisory

http://jvn.jp/en/jp/JVN31082531/index.html

Source: vultures@jpcert.or.jp

Vendor Advisory

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000074

Source: vultures@jpcert.or.jp

Vendor Advisory

http://cs.cybozu.co.jp/information/gr20140714up01.php

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://jvn.jp/en/jp/JVN31082531/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000074

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.