JVNDB-2014-000024
|
Cybozu Garoon vulnerable to SQL injection
|
Cybozu Garoon contains a SQL injection vulnerability.
Note that this vulnerability is different from JVN#91153528.
Cybozu Garoon, provided by Cybozu, Inc., is groupware. Cybozu Garoon contains an issue in the process of downloading files, which may result in SQL injection.
|
CVSS V2 Severity: Base Metrics 6.0 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: Single Instance
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
Cybozu, Inc.
- Cybozu Garoon 2.5.4 and earlier
- Cybozu Garoon 3.7 Service Pack 3 and earlier
|
|
A user who can log in to the system may obtain or alter information on the system.
|
For Cybozu Garoon 3.7:
[Apply the Patch]
Apply the appropriate patch according to the information provided by the developer.
For Cybozu Garoon 3.5 and earlier and Cybozu Garoon 2.5.4 and earlier:
[Update the Software and apply the patch]
Update to the latest version, and then apply the appropriate patch according to the information provided by the developer.
|
Cybozu, Inc.
|
- SQL Injection (CWE-89) [IPA Evaluation]
|
- CVE-2014-0821
|
- JVN : JVN#71045461
- National Vulnerability Database (NVD) : CVE-2014-0821
|
- [2014/02/26] Web page was published
- [2014/03/03] References: Content was added
|