CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
EPSS
Percentile
49.3%
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a vulnerability in session management.
A user who can log in to the product may impersonate an arbitrary user. As a result, information may be altered or disclosed.
For Cybozu Garoon 3.7:
Apply the Patch
Apply the appropriate patch according to the information provided by the developer.
For Cybozu Garoon 3.5 and earlier and Cybozu Garoon 2.5.4 and earlier:
Update the Software and apply the patch
Update to the latest version, and then apply the appropriate patch according to the information provided by the developer.