CVE-2017-2145

Published: Jul 7, 2017Modified: May 13, 2026

5.4

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.

Affected (9)

Products: Cybozu: Garoon

1 product

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Cybozu Garoon	Version 4.0.0
Cybozu Garoon	Version 4.0.1
Cybozu Garoon	Version 4.0.2
Cybozu Garoon	Version 4.0.3
Cybozu Garoon	Version 4.2.0
Cybozu Garoon	Version 4.2.1
Cybozu Garoon	Version 4.2.2
Cybozu Garoon	Version 4.2.3
Cybozu Garoon	Version 4.2.4

Related CWEs

Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

References (4)

http://jvn.jp/en/jp/JVN43534286/index.html

Source: vultures@jpcert.or.jp

Third Party AdvisoryVDB Entry

https://support.cybozu.com/ja-jp/article/9695

Source: vultures@jpcert.or.jp

Vendor Advisory

http://jvn.jp/en/jp/JVN43534286/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://support.cybozu.com/ja-jp/article/9695

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.