Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.
References
Link | Resource |
---|---|
http://jvn.jp/en/jp/JVN53542912/index.html | Vendor Advisory |
https://support.cybozu.com/ja-jp/article/8897 | Patch Vendor Advisory |
https://support.cybozu.com/ja-jp/article/8757 | Patch Vendor Advisory |
https://support.cybozu.com/ja-jp/article/8951 | Patch Vendor Advisory |
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000085 | Vendor Advisory |
https://support.cybozu.com/ja-jp/article/8982 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2016-06-19 13:59
Updated : 2016-06-21 11:01
NVD link : CVE-2015-7776
Mitre link : CVE-2015-7776
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
cybozu
- garoon