Vulnerability Description
The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866.
CVSS Score
8.5
HIGH
AV:N/AC:M/Au:S/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cybozu | Garoon | 3.0.0 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN21025396/374951/index.htmlVendor Advisory
- http://jvn.jp/en/jp/JVN21025396/index.htmlVendor Advisory
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000151Vendor Advisory
- https://support.cybozu.com/ja-jp/article/8810Vendor Advisory
- http://jvn.jp/en/jp/JVN21025396/374951/index.htmlVendor Advisory
- http://jvn.jp/en/jp/JVN21025396/index.htmlVendor Advisory
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000151Vendor Advisory
- https://support.cybozu.com/ja-jp/article/8810Vendor Advisory
FAQ
What is CVE-2015-5647?
CVE-2015-5647 is a vulnerability with a CVSS score of 8.5 (HIGH). The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866.
How severe is CVE-2015-5647?
CVE-2015-5647 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-5647?
Check the references section above for vendor advisories and patch information. Affected products include: Cybozu Garoon.