CVE-2020-5565 - Vulnerability Details - OpenCVE

Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00238.

Key SSVC decision points have not yet been added.

Vendors	Products
Cybozu	Garoon

Configuration 1 [-]

cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2020-26727	Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://jvn.jp/en/jp/JVN35649781/index.html
https://kb.cybozu.support/article/36119/

History

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00159}`	epss `{'score': 0.00238}`

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2020-04-28T03:15:29

Updated: 2024-08-04T08:30:24.581Z

Reserved: 2020-01-06T00:00:00

Link: CVE-2020-5565

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-04-28T04:15:12.620

Modified: 2024-11-21T05:34:16.963

Link: CVE-2020-5565

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "Cybozu Garoon", "vendor": "Cybozu, Inc.", "versions": [{"status": "affected", "version": "4.0.0 to 4.10.3"}]}], "descriptions": [{"lang": "en", "value": "Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'."}], "problemTypes": [{"descriptions": [{"description": "Improper Input Validation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-28T03:15:29", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://jvn.jp/en/jp/JVN35649781/index.html"}, {"tags": ["x_refsource_MISC"], "url": "https://kb.cybozu.support/article/36119/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2020-5565", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cybozu Garoon", "version": {"version_data": [{"version_value": "4.0.0 to 4.10.3"}]}}]}, "vendor_name": "Cybozu, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://jvn.jp/en/jp/JVN35649781/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/jp/JVN35649781/index.html"}, {"name": "https://kb.cybozu.support/article/36119/", "refsource": "MISC", "url": "https://kb.cybozu.support/article/36119/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:30:24.581Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jvn.jp/en/jp/JVN35649781/index.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://kb.cybozu.support/article/36119/"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2020-5565", "datePublished": "2020-04-28T03:15:29", "dateReserved": "2020-01-06T00:00:00", "dateUpdated": "2024-08-04T08:30:24.581Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*", "matchCriteriaId": "A714C0FA-0187-48FA-8CBF-284D5F73D596", "versionEndIncluding": "4.10.3", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'."}, {"lang": "es", "value": "Una vulnerabilidad de validaci\u00f3n de entrada inapropiada en Cybozu Garoon versiones 4.0.0 hasta 4.10.3, permite a un atacante autentificado remoto alterar los datos de la aplicaci\u00f3n por medio de las aplicaciones \"Workflow\" y \"MultiReport\"."}], "id": "CVE-2020-5565", "lastModified": "2024-11-21T05:34:16.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-28T04:15:12.620", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN35649781/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://kb.cybozu.support/article/36119/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN35649781/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.cybozu.support/article/36119/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}