Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a vulnerability in session management.
A user who can log in to the product may impersonate an arbitrary user. As a result, information may be altered or disclosed.
For Cybozu Garoon 3.7:
Apply the Patch
Apply the appropriate patch according to the information provided by the developer.
For Cybozu Garoon 3.5 and earlier and Cybozu Garoon 2.5.4 and earlier:
Update the Software and apply the patch
Update to the latest version, and then apply the appropriate patch according to the information provided by the developer.
## Products Affected