PT-2020-18540 · Cybozu · Cybozu Garoon
Tanghaifeng
·
Published
2020-04-28
·
Updated
2020-04-30
·
CVE-2020-5565
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Cybozu Garoon versions 4.0.0 through 4.10.3
Description
The issue is related to improper input validation, allowing a remote authenticated attacker to alter the application's data. This is specifically possible via the application's 'Workflow' and 'MultiReport' features.
Recommendations
For Cybozu Garoon versions 4.0.0 through 4.10.3, consider restricting access to the 'Workflow' and 'MultiReport' features until a patch is available. As a temporary workaround, limit the functionality of these features to minimize the risk of data alteration. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cybozu Garoon