CVE-2019-5935

Name of the Vulnerable Software and Affected Versions Cybozu Garoon versions 4.0.0 through 4.10.1

Description The issue allows remote authenticated attackers to bypass access restrictions and change user information without proper access privileges. This is achieved via the Item function of User Information.

Recommendations For versions 4.0.0 through 4.10.1, consider restricting access to the Item function of User Information to prevent unauthorized changes to user data. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation.