CVE-2015-7776
published 2016-06-19CVE-2015-7776: Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a…
PriorityP418medium4.3CVSS 3.0
AVNACLPRNUIRSUCLINAN
EPSS
1.30%
66.9th percentile
Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
CVSS provenance
nvdv3.04.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wh32-x668-vjvc: Cybozu Garoon 3
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2016-1196 [MEDIUM] CWE-200 GHSA-wh32-x668-vjvc: Cybozu Garoon 3
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.
GHSA
GHSA-h8p2-jf45-r49w: Cybozu Garoon 3
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2015-7776 [MEDIUM] CWE-200 GHSA-h8p2-jf45-r49w: Cybozu Garoon 3
Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://jvn.jp/en/jp/JVN53542912/index.htmlhttp://jvndb.jvn.jp/jvndb/JVNDB-2016-000085https://support.cybozu.com/ja-jp/article/8757https://support.cybozu.com/ja-jp/article/8897https://support.cybozu.com/ja-jp/article/8951https://support.cybozu.com/ja-jp/article/8982http://jvn.jp/en/jp/JVN53542912/index.htmlhttp://jvndb.jvn.jp/jvndb/JVNDB-2016-000085https://support.cybozu.com/ja-jp/article/8757https://support.cybozu.com/ja-jp/article/8897https://support.cybozu.com/ja-jp/article/8951https://support.cybozu.com/ja-jp/article/8982
2016-06-19
Published