{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39457", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-06-25T06:24:51.487Z", "datePublished": "2024-07-19T08:36:27.786Z", "dateUpdated": "2024-08-02T04:26:14.283Z"}, "containers": {"cna": {"affected": [{"vendor": "Cybozu, Inc.", "product": "Cybozu Garoon", "versions": [{"version": "6.0.0 to 6.0.1", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user\u2019s web browser."}], "problemTypes": [{"descriptions": [{"description": "Cross-site scripting (XSS)", "lang": "en", "type": "text"}]}], "references": [{"url": "https://kb.cybozu.support/?product=garoon&v=&fv=6.0.2&t=%E8%84%86%E5%BC%B1%E6%80%A7&f=&r=&b=&s=&posts_per_page=20"}, {"url": "https://jvn.jp/en/jp/JVN74825766/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-07-19T08:36:27.786Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-19T16:47:27.038484Z", "id": "CVE-2024-39457", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T16:47:46.468Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:14.283Z"}, "title": "CVE Program Container", "references": [{"url": "https://kb.cybozu.support/?product=garoon&v=&fv=6.0.2&t=%E8%84%86%E5%BC%B1%E6%80%A7&f=&r=&b=&s=&posts_per_page=20", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN74825766/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://kb.cybozu.support/?product=garoon&v=&fv=6.0.2&t=%E8%84%86%E5%BC%B1%E6%80%A7&f=&r=&b=&s=&posts_per_page=20", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN74825766/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:14.283Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39457", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-19T16:47:27.038484Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T16:47:40.382Z"}}], "cna": {"affected": [{"vendor": "Cybozu, Inc.", "product": "Cybozu Garoon", "versions": [{"status": "affected", "version": "6.0.0 to 6.0.1"}]}], "references": [{"url": "https://kb.cybozu.support/?product=garoon&v=&fv=6.0.2&t=%E8%84%86%E5%BC%B1%E6%80%A7&f=&r=&b=&s=&posts_per_page=20"}, {"url": "https://jvn.jp/en/jp/JVN74825766/"}], "descriptions": [{"lang": "en", "value": "Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user\u2019s web browser."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Cross-site scripting (XSS)"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-07-19T08:36:27.786Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39457", "state": "PUBLISHED", "dateUpdated": "2024-08-02T04:26:14.283Z", "dateReserved": "2024-06-25T06:24:51.487Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2024-07-19T08:36:27.786Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*", "matchCriteriaId": "86C99C88-076E-4108-8D3A-E0117B948240", "versionEndExcluding": "6.0.2", "versionStartIncluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user\u2019s web browser."}, {"lang": "es", "value": " Cybozu Garoon 6.0.0 a 6.0.1 contiene una vulnerabilidad de Cross Site Scripting en la vista previa de PDF. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web de un usuario que haya iniciado sesi\u00f3n."}], "id": "CVE-2024-39457", "lastModified": "2024-08-22T17:33:32.373", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-19T09:15:05.343", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN74825766/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://kb.cybozu.support/?product=garoon&v=&fv=6.0.2&t=%E8%84%86%E5%BC%B1%E6%80%A7&f=&r=&b=&s=&posts_per_page=20"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}