Tanghaifeng

**Name of the Vulnerable Software and Affected Versions** Cybozu Garoon versions 4.0.0 through 5.0.1 **Description** The issue allows remote authenticated attackers to bypass access restrictions and alter data for files attached to reports. The exact vectors used for this bypass are not specified. **Recommendations** For versions 4.0.0 through 5.0.1, consider restricting access to the report attachment feature until a patch is available. As a temporary workaround, limit the ability to alter file data attached to reports to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cybozu Garoon versions 4.0.0 through 5.0.1 **Description** The issue allows remote authenticated attackers to bypass access restrictions and obtain unauthorized Multi-Report's data. The exact vectors used for the bypass are not specified. **Recommendations** For versions 4.0.0 through 5.0.1, consider restricting access to Multi-Report's data until a patch is available. As a temporary workaround, limit the functionality that allows remote authenticated attackers to bypass access restrictions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cybozu Garoon versions 4.0.0 through 4.10.3 **Description** The issue is related to improper input validation, allowing a remote authenticated attacker to alter the application's data. This is specifically possible via the application's 'Workflow' and 'MultiReport' features. **Recommendations** For Cybozu Garoon versions 4.0.0 through 4.10.3, consider restricting access to the 'Workflow' and 'MultiReport' features until a patch is available. As a temporary workaround, limit the functionality of these features to minimize the risk of data alteration. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cybozu Office versions 10.0.0 through 10.8.3 **Description** The issue allows remote authenticated attackers to bypass access restrictions, potentially resulting in obtaining data without proper access privileges. This is achieved via the application 'Address'. **Recommendations** For Cybozu Office versions 10.0.0 through 10.8.3, consider restricting access to the 'Address' application until a patch is available. As a temporary workaround, review and enforce strict access controls to minimize the risk of unauthorized data access.

**Name of the Vulnerable Software and Affected Versions** Cybozu Garoon versions 4.0.0 through 4.10.1 **Description** The issue allows remote authenticated attackers to bypass access restrictions and alter the contents of the `Address` application without having modify privileges, by utilizing the `Address` application. **Recommendations** For versions 4.0.0 through 4.10.1, consider restricting access to the `Address` application to prevent unauthorized modifications until a fix is available.