CVE-2014-0817

Cybozu Garoon 2.x-2.5.4 and 3.x-3.7 SP3 - Authenticated Session Impersonation

Title source: llm
STIX 2.1

Description

Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors.

References (4)

Core 4
Core References
Vendor Advisory x_refsource_confirm
http://cs.cybozu.co.jp/information/gr20140225up03.php
Patch, Vendor Advisory x_refsource_confirm
https://support.cybozu.com/ja-jp/article/7992
Third Party Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000021
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN24035499/index.html

Scores

EPSS 0.0027
EPSS Percentile 50.9%

Details

CWE
CWE-264
Status published
Products (24)
cybozu/garoon 2.0 sp1 (6 CPE variants)
cybozu/garoon 2.0.0
cybozu/garoon 2.0.1
cybozu/garoon 2.0.2
cybozu/garoon 2.0.3
cybozu/garoon 2.0.4
cybozu/garoon 2.0.5
cybozu/garoon 2.0.6
cybozu/garoon 2.1 (4 CPE variants)
cybozu/garoon 2.1.0
... and 14 more
Published Feb 27, 2014
Tracked Since Feb 18, 2026