PT-2020-18554 · Cybozu · Cybozu Garoon

Kanta Nishitani

Published

2020-06-30

Updated

2021-07-21

CVE-2020-5580

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Cybozu Garoon versions 4.0.0 through 5.0.1

Description The issue allows remote authenticated attackers to bypass access restrictions, enabling them to view and/or alter Single sign-on settings. This is achieved via unspecified vectors.

Recommendations For versions 4.0.0 through 5.0.1, consider restricting access to Single sign-on settings until a patch is available. As a temporary workaround, limit the ability to alter Single sign-on settings to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-5580

Affected Products

Cybozu Garoon

PT-2020-18554 · Cybozu · Cybozu Garoon

CVE-2020-5580

Related Identifiers

Affected Products

References · 5