Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors.
References
Link | Resource |
---|---|
https://support.cybozu.com/ja-jp/article/7992 | Patch Vendor Advisory |
http://cs.cybozu.co.jp/information/gr20140225up03.php | Vendor Advisory |
http://jvn.jp/en/jp/JVN24035499/index.html | |
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000021 |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Information
Published : 2014-02-26 17:55
Updated : 2014-02-27 09:08
NVD link : CVE-2014-0817
Mitre link : CVE-2014-0817
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
cybozu
- garoon