CVE-2020-5562

Name of the Vulnerable Software and Affected Versions Cybozu Garoon versions 4.6.0 through 4.6.3

Description A server-side request forgery (SSRF) issue allows a remote attacker with administrative privileges to issue arbitrary HTTP requests to other web servers via the V-CUBE Meeting function. This enables the attacker to potentially access or manipulate sensitive data on other web servers.

Recommendations For Cybozu Garoon versions 4.6.0 through 4.6.3, consider restricting access to the V-CUBE Meeting function until a patch is available to prevent exploitation of the SSRF issue. As a temporary workaround, limit the administrative privileges to minimize the risk of arbitrary HTTP requests being issued to other web servers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.