Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Garoon | Cybozu | 3.1.0 (including) | 3.1.0 (including) |
| Garoon | Cybozu | 3.1.1 (including) | 3.1.1 (including) |
| Garoon | Cybozu | 3.1.2 (including) | 3.1.2 (including) |
| Garoon | Cybozu | 3.1.3 (including) | 3.1.3 (including) |
| Garoon | Cybozu | 3.5.0 (including) | 3.5.0 (including) |
| Garoon | Cybozu | 3.5.1 (including) | 3.5.1 (including) |
| Garoon | Cybozu | 3.5.2 (including) | 3.5.2 (including) |
| Garoon | Cybozu | 3.5.3 (including) | 3.5.3 (including) |
| Garoon | Cybozu | 3.5.4 (including) | 3.5.4 (including) |
| Garoon | Cybozu | 3.5.5 (including) | 3.5.5 (including) |
| Garoon | Cybozu | 3.7.0 (including) | 3.7.0 (including) |
| Garoon | Cybozu | 3.7.1 (including) | 3.7.1 (including) |
| Garoon | Cybozu | 3.7.2 (including) | 3.7.2 (including) |
| Garoon | Cybozu | 3.7.3 (including) | 3.7.3 (including) |
| Garoon | Cybozu | 3.7.4 (including) | 3.7.4 (including) |
| Garoon | Cybozu | 3.7.5 (including) | 3.7.5 (including) |
| Garoon | Cybozu | 4.0.0 (including) | 4.0.0 (including) |
| Garoon | Cybozu | 4.0.1 (including) | 4.0.1 (including) |
| Garoon | Cybozu | 4.0.2 (including) | 4.0.2 (including) |
| Garoon | Cybozu | 4.0.3 (including) | 4.0.3 (including) |
| Garoon | Cybozu | 4.2.0 (including) | 4.2.0 (including) |
References
- http://jvn.jp/en/jp/JVN18975349/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2016-000093
- https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03
- https://support.cybozu.com/ja-jp/article/9020
- http://jvn.jp/en/jp/JVN18975349/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2016-000093
- https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03
- https://support.cybozu.com/ja-jp/article/9020