CVE-2014-0817

Sažetak

Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors.

Reference

http://cs.cybozu.co.jp/information/gr20140225up03.php
http://jvn.jp/en/jp/JVN24035499/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000021
https://support.cybozu.com/ja-jp/article/7992

CVSS

Base:	4.9
Impact:	4.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:P/A:N

Zadnje važnije ažuriranje

27-02-2014 - 17:08

Objavljeno

27-02-2014 - 01:55