4.3
CVE-2016-4908
- EPSS 1.13%
- Veröffentlicht 09.06.2017 16:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginCybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.13% | 0.622 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
http://www.securityfocus.com/bid/97912
http://www.securityfocus.com/bid/94966
https://jvn.jp/en/jp/JVN14631222/index.html
https://support.cybozu.com/ja-jp/article/9399