PT-2023-2934 · Cybozu · Cybozu Garoon

Yuji Tounai

Publicado

2023-05-12

Atualizado

2025-01-17

CVE-2023-27384

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Cybozu Garoon version 5.15.0

Description The issue is related to an operation restriction bypass vulnerability in the MultiReport component of Cybozu Garoon, which is associated with inadequate access control. This vulnerability can be exploited by a remote authenticated attacker to alter the data of MultiReport, potentially impacting the integrity of protected information.

Recommendations For Cybozu Garoon version 5.15.0, consider restricting access to the MultiReport component until a patch is available. As a temporary workaround, disabling the vulnerable functionality in MultiReport may help minimize the risk of exploitation.

Correção

Incorrect Authorization

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863CWE-284

Identificadores relacionados

BDU:2023-02931

CVE-2023-27384

Produtos afetados

Cybozu Garoon

PT-2023-2934 · Cybozu · Cybozu Garoon

CVE-2023-27384

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10