CVE-2014-0820

EPSS 0.21%
Veröffentlicht 27.02.2014 01:55:03
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cybozu ≫ Garoon Version2.0 Updatesp1

Cybozu ≫ Garoon Version2.0 Updatesp2

Cybozu ≫ Garoon Version2.0 Updatesp3

Cybozu ≫ Garoon Version2.0 Updatesp4

Cybozu ≫ Garoon Version2.0 Updatesp5

Cybozu ≫ Garoon Version2.0 Updatesp6

Cybozu ≫ Garoon Version2.0.0

Cybozu ≫ Garoon Version2.0.1

Cybozu ≫ Garoon Version2.0.2

Cybozu ≫ Garoon Version2.0.3

Cybozu ≫ Garoon Version2.0.4

Cybozu ≫ Garoon Version2.0.5

Cybozu ≫ Garoon Version2.0.6

Cybozu ≫ Garoon Version2.1

Cybozu ≫ Garoon Version2.1 Updatesp1

Cybozu ≫ Garoon Version2.1 Updatesp2

Cybozu ≫ Garoon Version2.1 Updatesp3

Cybozu ≫ Garoon Version2.1.0

Cybozu ≫ Garoon Version2.1.1

Cybozu ≫ Garoon Version2.1.2

Cybozu ≫ Garoon Version2.1.3

Cybozu ≫ Garoon Version2.5

Cybozu ≫ Garoon Version2.5 Updatesp1

Cybozu ≫ Garoon Version2.5 Updatesp2

Cybozu ≫ Garoon Version2.5 Updatesp3

Cybozu ≫ Garoon Version2.5 Updatesp4

Cybozu ≫ Garoon Version2.5.0

Cybozu ≫ Garoon Version2.5.1

Cybozu ≫ Garoon Version2.5.2

Cybozu ≫ Garoon Version2.5.3

Cybozu ≫ Garoon Version2.5.4

Cybozu ≫ Garoon Version3.0

Cybozu ≫ Garoon Version3.0 Updatesp1

Cybozu ≫ Garoon Version3.0 Updatesp2

Cybozu ≫ Garoon Version3.0 Updatesp3

Cybozu ≫ Garoon Version3.1

Cybozu ≫ Garoon Version3.1 Updatesp1

Cybozu ≫ Garoon Version3.1 Updatesp2

Cybozu ≫ Garoon Version3.1 Updatesp3

Cybozu ≫ Garoon Version3.5

Cybozu ≫ Garoon Version3.5 Updatesp1

Cybozu ≫ Garoon Version3.5 Updatesp2

Cybozu ≫ Garoon Version3.5 Updatesp3

Cybozu ≫ Garoon Version3.5 Updatesp4

Cybozu ≫ Garoon Version3.5 Updatesp5

Cybozu ≫ Garoon Version3.5.3

Cybozu ≫ Garoon Version3.7

Cybozu ≫ Garoon Version3.7 Updatesp1

Cybozu ≫ Garoon Version3.7 Updatesp2

Cybozu ≫ Garoon Version3.7 Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.427

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://cs.cybozu.co.jp/information/gr20140225up05.php

Vendor Advisory

http://jvn.jp/en/jp/JVN26393529/index.html

Vendor Advisory

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000023

Vendor Advisory

http://www.securityfocus.com/bid/65815

https://support.cybozu.com/ja-jp/article/7994

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2014-0820

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0820

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0820

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2014-0820