CVE-2014-0817 Information

Description

Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions which allows remote authenticated users to impersonate arbitrary users via unspecified vectors.

Reference

http://cs.cybozu.co.jp/information/gr20140225up03.php http://jvn.jp/en/jp/JVN24035499/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000021 https://support.cybozu.com/ja-jp/article/7992