Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-26054 | PUBLISHED: 2022-07-04 | Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.
CVE-2022-26368 | PUBLISHED: 2022-07-04 | Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.
CVE-2022-27627 | PUBLISHED: 2022-07-04 | Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser.
CVE-2022-27661 | PUBLISHED: 2022-07-04 | Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.
CVE-2022-27803 | PUBLISHED: 2022-07-04 | Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.
User Rank: Ninja
7/2/2017 | 12:09:37 AM
One of my favorite examples of this that I like to use with clients is of a local hospital that (true story) has certain large trash bins throughout that are very prominently and clearly labeled as being for the disposal of documents containing HIPAA-protected information.
The problem, however, is that if I'm a bad guy, I know exactly where to look for that information. I just have to shove my arm into the bin and grab some papers and quickly dart off.
So while that's a very "compliant" thing to do, it's not at all secure.