First published: Wed Aug 18 2021(Updated: )
Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Cybozu Garoon | >=4.0.0<=5.0.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this operational restrictions bypass vulnerability in E-mail of Cybozu Garoon is CVE-2021-20757.
The severity of CVE-2021-20757 is medium with a CVSS score of 4.3.
Versions 4.0.0 to 5.0.2 of Cybozu Garoon are affected by CVE-2021-20757.
CVE-2021-20757 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege by bypassing operational restrictions in the E-mail feature of Cybozu Garoon.
Yes, please refer to the official references provided for information on how to fix the vulnerability.