Vulnerabilities > CVE-2020-5562 - Server-Side Request Forgery (SSRF) vulnerability in Cybozu Garoon

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

cybozu

CWE-918

NVD

Published: 2020-04-28

Updated: 2020-05-01

Summary

Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function.

Vulnerable Configurations

Part	Description	Count
Application	Cybozu Cybozu Garoon 4.6.0 Cybozu Garoon 4.6.1 Cybozu Garoon 4.6.2 Cybozu Garoon 4.6.3	4

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://jvn.jp/en/jp/JVN58849431/index.html
https://kb.cybozu.support/article/36304