First published: Fri Apr 28 2017(Updated: )
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Cybozu Garoon | =3.0.0 | |
Cybozu Garoon | =3.0.1 | |
Cybozu Garoon | =3.0.2 | |
Cybozu Garoon | =3.0.3 | |
Cybozu Garoon | =3.1.0 | |
Cybozu Garoon | =3.1.1 | |
Cybozu Garoon | =3.1.2 | |
Cybozu Garoon | =3.1.3 | |
Cybozu Garoon | =3.5.0 | |
Cybozu Garoon | =3.5.1 | |
Cybozu Garoon | =3.5.2 | |
Cybozu Garoon | =3.5.3 | |
Cybozu Garoon | =3.5.4 | |
Cybozu Garoon | =3.5.5 | |
Cybozu Garoon | =3.7.0 | |
Cybozu Garoon | =3.7.1 | |
Cybozu Garoon | =3.7.2 | |
Cybozu Garoon | =3.7.3 | |
Cybozu Garoon | =3.7.4 | |
Cybozu Garoon | =3.7.5 | |
Cybozu Garoon | =4.0.0 | |
Cybozu Garoon | =4.0.1 | |
Cybozu Garoon | =4.0.2 | |
Cybozu Garoon | =4.0.3 | |
Cybozu Garoon | =4.2.0 | |
Cybozu Garoon | =4.2.1 | |
Cybozu Garoon | =4.2.2 | |
Cybozu Garoon | =4.2.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-2091 is categorized with a severity level that allows for significant security risks related to unauthorized message access.
To fix CVE-2017-2091, update Cybozu Garoon to version 4.2.4 or later.
CVE-2017-2091 introduces vulnerabilities that allow remote authenticated attackers to bypass access restrictions in the Phone Messages function.
CVE-2017-2091 affects Cybozu Garoon versions from 3.0.0 to 4.2.3.
Attackers exploiting CVE-2017-2091 can alter the status of phone messages without proper authorization.