CVE-2023-27384

Name of the Vulnerable Software and Affected Versions Cybozu Garoon version 5.15.0

Description The issue is related to an operation restriction bypass vulnerability in the MultiReport component of Cybozu Garoon, which is associated with inadequate access control. This vulnerability can be exploited by a remote authenticated attacker to alter the data of MultiReport, potentially impacting the integrity of protected information.

Recommendations For Cybozu Garoon version 5.15.0, consider restricting access to the MultiReport component until a patch is available. As a temporary workaround, disabling the vulnerable functionality in MultiReport may help minimize the risk of exploitation.