PT-2019-17882 · Cybozo · Cybozu Garoon
Yuji Tounai
·
Published
2019-05-17
·
Updated
2020-08-24
·
CVE-2019-5941
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Cybozo Garoon versions 4.0.0 through 4.10.1
Description
The issue allows remote authenticated attackers to bypass access restrictions and alter the Report without access privileges via the application 'Multi Report'.
Recommendations
For versions 4.0.0 through 4.10.1, consider restricting access to the 'Multi Report' application until a fix is available to prevent unauthorized alterations to the Report.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cybozu Garoon