Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.
References
Link | Resource |
---|---|
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000082 | Vendor Advisory |
http://jvn.jp/en/jp/JVN33879831/index.html | Vendor Advisory |
https://support.cybozu.com/ja-jp/article/8970 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2016-06-19 13:59
Updated : 2016-06-21 11:13
NVD link : CVE-2016-1196
Mitre link : CVE-2016-1196
JSON object : View
CWE
Products Affected
cybozu
- garoon