First published: Wed Aug 18 2021(Updated: )
Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Cybozu Garoon | >=4.0.0<=5.0.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-20754 is an improper input validation vulnerability in the Workflow of Cybozu Garoon 4.0.0 to 5.0.2 that allows a remote authenticated attacker to alter the data of the Workflow without the appropriate privilege.
The severity of CVE-2021-20754 is medium with a CVSS severity score of 4.3.
CVE-2021-20754 affects Cybozu Garoon versions 4.0.0 to 5.0.2.
An attacker can exploit CVE-2021-20754 by leveraging improper input validation in the Workflow feature of Cybozu Garoon with remote authentication, allowing them to alter Workflow data without the appropriate privilege.
Yes, it is recommended to update Cybozu Garoon to a version beyond 5.0.2 to fix CVE-2021-20754.