Vulnerabilites related to Japan Total System Co.,Ltd. - GroupSession
jvndb-2021-000111
Vulnerability from jvndb
Published
2021-12-20 14:53
Modified
2021-12-21 14:20
Severity ?
Summary
Multiple vulnerabilities in GroupSession
Details
GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below.
*Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2021-20874
*Open redirect (CWE-601) - CVE-2021-20875
*Path Traversal (CWE-22) - CVE-2021-20876
CVE-2021-20874
TAKUMA SHIGA reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20875, CVE-2021-20876
Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ► | Type | URL |
|---|---|---|
|
|
||
Impacted products
| ► | Vendor | Product |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000111.html",
"dc:date": "2021-12-21T14:20+09:00",
"dcterms:issued": "2021-12-20T14:53+09:00",
"dcterms:modified": "2021-12-21T14:20+09:00",
"description": "GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below.\r\n\r\n*Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2021-20874\r\n*Open redirect (CWE-601) - CVE-2021-20875\r\n*Path Traversal (CWE-22) - CVE-2021-20876\r\n\r\nCVE-2021-20874\r\nTAKUMA SHIGA reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20875, CVE-2021-20876\r\nTsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000111.html",
"sec:cpe": {
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000111",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN79798166/index.html",
"@id": "JVN#79798166",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2021-20874",
"@id": "CVE-2021-20874",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2021-20875",
"@id": "CVE-2021-20875",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2021-20876",
"@id": "CVE-2021-20876",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20874",
"@id": "CVE-2021-20874",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20875",
"@id": "CVE-2021-20875",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20876",
"@id": "CVE-2021-20876",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in GroupSession"
}
jvndb-2017-000089
Vulnerability from jvndb
Published
2017-05-25 14:14
Modified
2018-01-24 11:59
Severity ?
Summary
GroupSession fails to restrict access permissions
Details
GroupSession provided by Japan Total System Co.,Ltd. is open source groupware. GroupSession fails to restrict access permissions.
Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ► | Vendor | Product |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000089.html",
"dc:date": "2018-01-24T11:59+09:00",
"dcterms:issued": "2017-05-25T14:14+09:00",
"dcterms:modified": "2018-01-24T11:59+09:00",
"description": "GroupSession provided by Japan Total System Co.,Ltd. is open source groupware. GroupSession fails to restrict access permissions.\r\n\r\nNorihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000089.html",
"sec:cpe": {
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000089",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN42164352/index.html",
"@id": "JVN#42164352",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2165",
"@id": "CVE-2017-2165",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2165",
"@id": "CVE-2017-2165",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "GroupSession fails to restrict access permissions"
}
jvndb-2018-000003
Vulnerability from jvndb
Published
2018-01-19 14:19
Modified
2018-04-11 11:37
Severity ?
Summary
GroupSession vulnerable to open redirect
Details
GroupSession provided by Japan Total System Co.,Ltd. is an open source groupware. GroupSession contains an open redirect vulnerability (CWE-601).
Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ► | Type | URL |
|---|---|---|
Impacted products
| ► | Vendor | Product |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000003.html",
"dc:date": "2018-04-11T11:37+09:00",
"dcterms:issued": "2018-01-19T14:19+09:00",
"dcterms:modified": "2018-04-11T11:37+09:00",
"description": "GroupSession provided by Japan Total System Co.,Ltd. is an open source groupware. GroupSession contains an open redirect vulnerability (CWE-601).\r\n\r\nNorihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000003.html",
"sec:cpe": {
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000003",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN26200083/index.html",
"@id": "JVN#26200083",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2166",
"@id": "CVE-2017-2166",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2166",
"@id": "CVE-2017-2166",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "GroupSession vulnerable to open redirect"
}
jvndb-2025-000113
Vulnerability from jvndb
Published
2025-12-08 17:48
Modified
2025-12-11 11:30
Severity ?
Summary
Multiple vulnerabilities in GroupSession
Details
GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below.
<ul><li>Stored cross-site scripting (CWE-79) - CVE-2025-53523</li>
<li>Stored cross-site scripting (CWE-79) - CVE-2025-54407</li>
<li>Reflected cross-site scripting (CWE-79) - CVE-2025-57883</li>
<li>Cross-site request forgery (CWE-352) - CVE-2025-58576</li>
<li>Authorization bypass through user-controlled key (CWE-639) - CVE-2025-61950</li>
<li>Missing origin validation in webSockets (CWE-1385) - CVE-2025-61987</li><li>SQL injection (CWE-89) - CVE-2025-62192</li>
<li>Initialization of a resource with an insecure default (CWE-1188) - CVE-2025-64781</li>
<li>This can be exploited only when External page display restriction is set as "Do not limit", as in the initial configurationReflected cross-site scripting (CWE-79) - CVE-2025-65120</li>
<li>Stored cross-site scripting (CWE-79) - CVE-2025-66284</li></ul>
The following people reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2025-53523
Reporter: Shogo Iyota of GMO Cybersecurity by Ierae
Gaku Mochizuki, Tsutomu Aramaki, and Taiga Shirakura of Mitsui Bussan Secure Directions, Inc.
Natsumi Furukawa
CVE-2025-54407
Reporter: Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.
CVE-2025-57883
Reporter: Tsuyuki Takumi of Mitsui Bussan Secure Directions, Inc.
Ryo Sato
CVE-2025-58576
Reporter: Tsuyuki Takumi, Kenta Yamamoto, and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.
Shogo Iyota of GMO Cybersecurity by Ierae
CVE-2025-61950
Reporter: Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc.
CVE-2025-61987
Reporter: Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.
CVE-2025-62192
Gaku Mochizuki and Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc.
CVE-2025-64781
Reporter: Ryo Sato
CVE-2025-65120
Reporter: Kentaro Ishii of GMO Cybersecurity by Ierae, Inc.
Shiga Takuma of BroadBand Security, Inc.
CVE-2025-66284
Reporter: Kentaro Ishii of GMO Cybersecurity by Ierae, Inc.
KOJIRO ENOKIDA
References
Impacted products
| ► | Vendor | Product |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000113.html",
"dc:date": "2025-12-11T11:30+09:00",
"dcterms:issued": "2025-12-08T17:48+09:00",
"dcterms:modified": "2025-12-11T11:30+09:00",
"description": "GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eStored cross-site scripting (CWE-79) - CVE-2025-53523\u003c/li\u003e\r\n\u003cli\u003eStored cross-site scripting (CWE-79) - CVE-2025-54407\u003c/li\u003e\r\n\u003cli\u003eReflected cross-site scripting (CWE-79) - CVE-2025-57883\u003c/li\u003e\r\n\u003cli\u003eCross-site request forgery (CWE-352) - CVE-2025-58576\u003c/li\u003e\r\n\u003cli\u003eAuthorization bypass through user-controlled key (CWE-639) - CVE-2025-61950\u003c/li\u003e\r\n\u003cli\u003eMissing origin validation in webSockets (CWE-1385) - CVE-2025-61987\u003c/li\u003e\u003cli\u003eSQL injection (CWE-89) - CVE-2025-62192\u003c/li\u003e\r\n\u003cli\u003eInitialization of a resource with an insecure default (CWE-1188) - CVE-2025-64781\u003c/li\u003e\r\n\u003cli\u003eThis can be exploited only when External page display restriction is set as \"Do not limit\", as in the initial configurationReflected cross-site scripting (CWE-79) - CVE-2025-65120\u003c/li\u003e\r\n\u003cli\u003eStored cross-site scripting (CWE-79) - CVE-2025-66284\u003c/li\u003e\u003c/ul\u003e\r\nThe following people reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2025-53523\r\nReporter: Shogo Iyota of GMO Cybersecurity by Ierae\r\n Gaku Mochizuki, Tsutomu Aramaki, and Taiga Shirakura of Mitsui Bussan Secure Directions, Inc.\r\n Natsumi Furukawa\r\n\r\nCVE-2025-54407\r\nReporter: Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.\r\n\r\nCVE-2025-57883\r\nReporter: Tsuyuki Takumi of Mitsui Bussan Secure Directions, Inc.\r\n Ryo Sato\r\n\r\nCVE-2025-58576\r\nReporter: Tsuyuki Takumi, Kenta Yamamoto, and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.\r\n Shogo Iyota of GMO Cybersecurity by Ierae\r\n\r\nCVE-2025-61950\r\nReporter: Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc.\r\n\r\nCVE-2025-61987\r\nReporter: Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.\r\n\r\nCVE-2025-62192\r\nGaku Mochizuki and Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc.\r\n\r\nCVE-2025-64781\r\nReporter: Ryo Sato\r\n\r\nCVE-2025-65120\r\nReporter: Kentaro Ishii of GMO Cybersecurity by Ierae, Inc.\r\n Shiga Takuma of BroadBand Security, Inc.\r\n\r\nCVE-2025-66284\r\nReporter: Kentaro Ishii of GMO Cybersecurity by Ierae, Inc.\r\n KOJIRO ENOKIDA",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000113.html",
"sec:cpe": {
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000113",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN19940619/index.html",
"@id": "JVN#19940619",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-53523",
"@id": "CVE-2025-53523",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-54407",
"@id": "CVE-2025-54407",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-57883",
"@id": "CVE-2025-57883",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-58576",
"@id": "CVE-2025-58576",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-61950",
"@id": "CVE-2025-61950",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-61987",
"@id": "CVE-2025-61987",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-62192",
"@id": "CVE-2025-62192",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-64781",
"@id": "CVE-2025-64781",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-65120",
"@id": "CVE-2025-65120",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-66284",
"@id": "CVE-2025-66284",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in GroupSession"
}
jvndb-2021-000070
Vulnerability from jvndb
Published
2021-07-19 15:41
Modified
2023-03-08 17:02
Severity ?
Summary
Multiple vulnerabilities in GroupSession
Details
GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below.
*Cross-site scripting vulnerability (CWE-79) - CVE-2021-20785
*Cross-site request forgery (CWE-352) - CVE-2021-20786
*Cross-site scripting vulnerability (CWE-79) - CVE-2021-20787
*Sever-side request forgery (CWE-918) - CVE-2021-20788
*Open redirect (CWE-601) - CVE-2021-20789
CVE-2021-20785, CVE-2021-20786
ASAI Ken reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20787, CVE-2021-20788, CVE-2021-20789
Ryo Sato of BroadBand Security,Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ► | Type | URL | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000070.html",
"dc:date": "2023-03-08T17:02+09:00",
"dcterms:issued": "2021-07-19T15:41+09:00",
"dcterms:modified": "2023-03-08T17:02+09:00",
"description": "GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below.\r\n*Cross-site scripting vulnerability (CWE-79) - CVE-2021-20785\r\n*Cross-site request forgery (CWE-352) - CVE-2021-20786\r\n*Cross-site scripting vulnerability (CWE-79) - CVE-2021-20787\r\n*Sever-side request forgery (CWE-918) - CVE-2021-20788\r\n*Open redirect (CWE-601) - CVE-2021-20789\r\n\r\nCVE-2021-20785, CVE-2021-20786\r\nASAI Ken reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20787, CVE-2021-20788, CVE-2021-20789\r\nRyo Sato of BroadBand Security,Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000070.html",
"sec:cpe": [
{
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000070",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN86026700/index.html",
"@id": "JVN#86026700",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20785",
"@id": "CVE-2021-20785",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20786",
"@id": "CVE-2021-20786",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20787",
"@id": "CVE-2021-20787",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20788",
"@id": "CVE-2021-20788",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20789",
"@id": "CVE-2021-20789",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20785",
"@id": "CVE-2021-20785",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20786",
"@id": "CVE-2021-20786",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20787",
"@id": "CVE-2021-20787",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20788",
"@id": "CVE-2021-20788",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20789",
"@id": "CVE-2021-20789",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in GroupSession"
}
CVE-2021-20788 (GCVE-0-2021-20788)
Vulnerability from cvelistv5
Published
2021-07-28 00:45
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Server-Side Request Forgery (SSRF)
Summary
Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote authenticated attacker to conduct a port scan from the product and/or obtain information from the internal Web server.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Japan Total System Co.,Ltd. | GroupSession |
Version: GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GroupSession",
"vendor": "Japan Total System Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote authenticated attacker to conduct a port scan from the product and/or obtain information from the internal Web server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-28T00:45:31",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GroupSession",
"version": {
"version_data": [
{
"version_value": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
}
]
},
"vendor_name": "Japan Total System Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote authenticated attacker to conduct a port scan from the product and/or obtain information from the internal Web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groupsession.jp/info/info-news/security202107",
"refsource": "MISC",
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"name": "https://jvn.jp/en/jp/JVN86026700/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20788",
"datePublished": "2021-07-28T00:45:31",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20786 (GCVE-0-2021-20786)
Vulnerability from cvelistv5
Published
2021-07-28 00:45
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site request forgery
Summary
Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to hijack the authentication of administrators via a specially crafted URL.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Japan Total System Co.,Ltd. | GroupSession |
Version: GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GroupSession",
"vendor": "Japan Total System Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to hijack the authentication of administrators via a specially crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-28T00:45:27",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GroupSession",
"version": {
"version_data": [
{
"version_value": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
}
]
},
"vendor_name": "Japan Total System Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to hijack the authentication of administrators via a specially crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groupsession.jp/info/info-news/security202107",
"refsource": "MISC",
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"name": "https://jvn.jp/en/jp/JVN86026700/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20786",
"datePublished": "2021-07-28T00:45:27",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20785 (GCVE-0-2021-20785)
Vulnerability from cvelistv5
Published
2021-07-28 00:45
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to inject an arbitrary script by sending a specially crafted request to a specific URL.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Japan Total System Co.,Ltd. | GroupSession |
Version: GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GroupSession",
"vendor": "Japan Total System Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to inject an arbitrary script by sending a specially crafted request to a specific URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-28T00:45:26",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GroupSession",
"version": {
"version_data": [
{
"version_value": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
}
]
},
"vendor_name": "Japan Total System Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to inject an arbitrary script by sending a specially crafted request to a specific URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groupsession.jp/info/info-news/security202107",
"refsource": "MISC",
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"name": "https://jvn.jp/en/jp/JVN86026700/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20785",
"datePublished": "2021-07-28T00:45:26",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2166 (GCVE-0-2017-2166)
Vulnerability from cvelistv5
Published
2018-01-26 16:00
Modified
2024-08-05 13:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Open Redirect
Summary
Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Japan Total System Co.,Ltd. | GroupSession |
Version: version 4.7.0 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#26200083",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN26200083/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GroupSession",
"vendor": "Japan Total System Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "version 4.7.0 and earlier"
}
]
}
],
"datePublic": "2018-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-26T15:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#26200083",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN26200083/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GroupSession",
"version": {
"version_data": [
{
"version_value": "version 4.7.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Japan Total System Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#26200083",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN26200083/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2166",
"datePublished": "2018-01-26T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2165 (GCVE-0-2017-2165)
Vulnerability from cvelistv5
Published
2017-06-09 16:00
Modified
2024-08-05 13:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
GroupSession versions 4.6.4 and earlier allows remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Japan Total System Co.,Ltd. | GroupSession |
Version: versions 4.6.4 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98719",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98719"
},
{
"name": "JVN#42164352",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN42164352/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GroupSession",
"vendor": "Japan Total System Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "versions 4.6.4 and earlier"
}
]
}
],
"datePublic": "2017-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GroupSession versions 4.6.4 and earlier allows remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "98719",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98719"
},
{
"name": "JVN#42164352",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN42164352/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GroupSession",
"version": {
"version_data": [
{
"version_value": "versions 4.6.4 and earlier"
}
]
}
}
]
},
"vendor_name": "Japan Total System Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GroupSession versions 4.6.4 and earlier allows remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98719",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98719"
},
{
"name": "JVN#42164352",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN42164352/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2165",
"datePublished": "2017-06-09T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:03.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20789 (GCVE-0-2021-20789)
Vulnerability from cvelistv5
Published
2021-07-28 00:45
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Open Redirect
Summary
Open redirect vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack via a specially crafted URL.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Japan Total System Co.,Ltd. | GroupSession |
Version: GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GroupSession",
"vendor": "Japan Total System Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack via a specially crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-28T00:45:32",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GroupSession",
"version": {
"version_data": [
{
"version_value": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
}
]
},
"vendor_name": "Japan Total System Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack via a specially crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groupsession.jp/info/info-news/security202107",
"refsource": "MISC",
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"name": "https://jvn.jp/en/jp/JVN86026700/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20789",
"datePublished": "2021-07-28T00:45:32",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20787 (GCVE-0-2021-20787)
Vulnerability from cvelistv5
Published
2021-07-28 00:45
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to inject an arbitrary script by sending a specially crafted request to a specific URL.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Japan Total System Co.,Ltd. | GroupSession |
Version: GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GroupSession",
"vendor": "Japan Total System Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to inject an arbitrary script by sending a specially crafted request to a specific URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-28T00:45:29",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GroupSession",
"version": {
"version_data": [
{
"version_value": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
}
]
},
"vendor_name": "Japan Total System Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to inject an arbitrary script by sending a specially crafted request to a specific URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groupsession.jp/info/info-news/security202107",
"refsource": "MISC",
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"name": "https://jvn.jp/en/jp/JVN86026700/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20787",
"datePublished": "2021-07-28T00:45:29",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}