PT-2019-17874 · Cybozu · Cybozu Garoon
Yuji Tounai
·
Published
2019-05-17
·
Updated
2020-08-24
·
CVE-2019-5933
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Cybozu Garoon versions 4.0.0 through 4.10.0
Description
The issue allows remote authenticated attackers to bypass access restrictions and view the Bulletin Board without having the necessary view privileges. This is achieved via the 'Bulletin' application.
Recommendations
For versions 4.0.0 through 4.10.0, consider restricting access to the 'Bulletin' application until a fix is available. As a temporary workaround, review and adjust the access privileges for the Bulletin Board to minimize the risk of unauthorized access.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cybozu Garoon