CVE-2016-1188
medium
CVSS v3
6.5
CVSS v2
4.0
VIR risk
6.5
Description
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: vultures@jpcert.or.jp — https://support.cybozu.com/ja-jp/article/8845
Vendor advisory: vultures@jpcert.or.jp — http://jvndb.jvn.jp/jvndb/JVNDB-2016-000077
Vendor advisory: vultures@jpcert.or.jp — http://jvn.jp/en/jp/JVN18975349/index.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 | |
References
- http://jvn.jp/en/jp/JVN18975349/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2016-000077
- https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03
- https://support.cybozu.com/ja-jp/article/8845
- http://jvn.jp/en/jp/JVN18975349/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2016-000077
- https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03
- https://support.cybozu.com/ja-jp/article/8845
Verify integrity in audit chain (admin only). AS-IS.