Main Vulnerability Database Vulnerabilities #VU55474

#VU55474 Input validation error in Cybozu Garoon - CVE-2021-20768

Published: August 2, 2021

Vulnerability identifier: #VU55474

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-20768

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cybozu Garoon

Software vendor:
Cybozu

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied input in Scheduler and MultiReport. A remote authenticated attacker can pass specially crafted input to the application and delete the data of Scheduler and MultiReport without the appropriate privilege

Remediation

Install updates from vendor's website.

External links

https://jvn.jp/en/jp/JVN54794245/index.html
https://cs.cybozu.co.jp/2021/007206.html