CVE-2016-1196
published 2016-06-19CVE-2016-1196: Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information…
PriorityP418medium4.3CVSS 3.0
AVNACLPRLUINSUCLINAN
EPSS
1.04%
59.7th percentile
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
CVSS provenance
nvdv3.04.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wh32-x668-vjvc: Cybozu Garoon 3
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2016-1196 [MEDIUM] CWE-200 GHSA-wh32-x668-vjvc: Cybozu Garoon 3
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.
GHSA
GHSA-h8p2-jf45-r49w: Cybozu Garoon 3
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2015-7776 [MEDIUM] CWE-200 GHSA-h8p2-jf45-r49w: Cybozu Garoon 3
Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2016-06-19
Published