Description
Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call.
References (3)
Core 3
Core References
Vendor Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000074
Vendor Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN31082531/index.html
Vendor Advisory x_refsource_confirm
http://cs.cybozu.co.jp/information/gr20140714up01.php
Scores
EPSS
0.0075
EPSS Percentile
73.4%
Details
CWE
CWE-264
Status
published
Products (2)
cybozu/garoon
3.7 sp1 (3 CPE variants)
cybozu/garoon
3.7.0
Published
Jul 20, 2014
Tracked Since
Feb 18, 2026