CVE-2020-5582

Name of the Vulnerable Software and Affected Versions Cybozu Garoon versions 4.0.0 through 5.0.1

Description The issue allows remote authenticated attackers to bypass access restrictions and alter data for files attached to reports. The exact vectors used for this bypass are not specified.

Recommendations For versions 4.0.0 through 5.0.1, consider restricting access to the report attachment feature until a patch is available. As a temporary workaround, limit the ability to alter file data attached to reports to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.