JVN#24035499: Cybozu Garoon vulnerable to session management

2014-02-26T00:00:00
ID JVN:24035499
Type jvn
Reporter Japan Vulnerability Notes
Modified 2014-02-26T00:00:00

Description

## Description

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a vulnerability in session management.

## Impact

A user who can log in to the product may impersonate an arbitrary user. As a result, information may be altered or disclosed.

## Solution

For Cybozu Garoon 3.7:
Apply the Patch
Apply the appropriate patch according to the information provided by the developer.

For Cybozu Garoon 3.5 and earlier and Cybozu Garoon 2.5.4 and earlier:
Update the Software and apply the patch
Update to the latest version, and then apply the appropriate patch according to the information provided by the developer.

## Products Affected

  • Cybozu Garoon 2.5.4 and earlier
  • Cybozu Garoon 3.7 Service Pack 3 and earlier