PT-2024-28682 · Cybozu · Cybozu Office

Published: 2024-08-06 · Updated: 2024-09-11 · CVE-2024-39817

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cybozu Office versions 10.0.0 through 10.8.6

Description

The issue allows a user who can log in to the product to view data that the user does not have access to by conducting a 'search' under certain conditions in Custom App. This is due to the insertion of sensitive information into sent data.

Recommendations

For Cybozu Office versions 10.0.0 through 10.8.6, consider restricting access to the Custom App search function until a patch is available. As a temporary workaround, limit user privileges to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2024-39817

Affected Products

Cybozu Office