Security

Critical

High

Medium

Low

Identifier

CVE-2014-0817

Reporter

jpcert

State

PUBLISHED

Published

2014-02-27 01:00:00 UTC

Got Fix

CWE

Affected Count

Last Updated

2024-08-06 09:27:20 UTC

Description

Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors.

CVSS Metrics

CVSS

AV - Attack Vector N/A
AC - Attack Complexity N/A
PR - Privileges Required N/A
UI - User Interaction N/A

AI - Availability Impact N/A
CI - Confidentiality N/A
II - Integrity Impact N/A

SC - Scope N/A
V - Version N/A

References

1 http://cs.cybozu.co.jp/information/gr20140225up03.php 2 https://support.cybozu.com/ja-jp/article/7992 3 http://jvndb.jvn.jp/jvndb/JVNDB-2014-000021 4 http://jvn.jp/en/jp/JVN24035499/index.html

Affected Products

Weakness Enumeration

TYPE	Description
text	n/a

Identifier

Reporter

State

Published

Got Fix

CWE

Affected Count

Last Updated

Repository:

Vendor:

Identifier

Reporter

State

Published

Got Fix

CWE

Affected Count

Last Updated

n/a

Repository:

Vendor: