Vulnerability Description
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867.
CVSS Score
8.5
HIGH
AV:N/AC:M/Au:S/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cybozu | Garoon | 3.0.0 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN21025396/374951/index.htmlVendor Advisory
- http://jvn.jp/en/jp/JVN21025396/index.htmlVendor Advisory
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000151Vendor Advisory
- https://support.cybozu.com/ja-jp/article/8809PatchVendor Advisory
- https://support.cybozu.com/ja-jp/article/8811Vendor Advisory
- http://jvn.jp/en/jp/JVN21025396/374951/index.htmlVendor Advisory
- http://jvn.jp/en/jp/JVN21025396/index.htmlVendor Advisory
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000151Vendor Advisory
- https://support.cybozu.com/ja-jp/article/8809PatchVendor Advisory
- https://support.cybozu.com/ja-jp/article/8811Vendor Advisory
FAQ
What is CVE-2015-5646?
CVE-2015-5646 is a vulnerability with a CVSS score of 8.5 (HIGH). Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867.
How severe is CVE-2015-5646?
CVE-2015-5646 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-5646?
Check the references section above for vendor advisories and patch information. Affected products include: Cybozu Garoon.