CVE-2017-2094

MEDIUM

Cybozu Garoon <4.2.3 - Auth Bypass

Title source: llm

Description

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.

References (3)

Scores

CVSS v3 4.3
EPSS 0.0015
EPSS Percentile 35.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Classification

CWE
CWE-269
Status published

Affected Products (29)

cybozu/garoon
cybozu/garoon
cybozu/garoon
cybozu/garoon
cybozu/garoon
cybozu/garoon
cybozu/garoon
cybozu/garoon
cybozu/garoon
cybozu/garoon
cybozu/garoon
cybozu/garoon
cybozu/garoon
cybozu/garoon
cybozu/garoon
... and 14 more

Timeline

Published Apr 28, 2017
Tracked Since Feb 18, 2026