Vulnerability identifier: #VU64870
Vulnerability risk: Low
CVSSv3.1:
CVE-ID:
CWE-ID:
Exploitation vector: Network
Exploit availability:
Vulnerable software:
Cybozu Garoon
Web applications /
Other software
Vendor: Cybozu
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in Bulletin. A remote user can bypass implemented security restrictions and obtain the data of Bulletin.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Cybozu Garoon: 4.0.0 - 5.9.1
Fixed software versions
CPE
External links
http://jvn.jp/en/jp/JVN14077132/index.html
http://cs.cybozu.co.jp/2022/007682.html
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?