CVE-2016-1189
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.
Date published : 2016-06-25
https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03