JVN#60997973: Cybozu Garoon vulnerable to SQL injection

2013-12-25T00:00:00
ID JVN:60997973
Type jvn
Reporter Japan Vulnerability Notes
Modified 2013-12-25T00:00:00

Description

## Description

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in processing input through API, which may result in SQL injection.

## Impact

A user who can log in to the system may alter information stored in the database.

## Solution

Apply the Patch
Apply the appropriate patch according to the information provided by the developer.

## Products Affected

  • Cybozu Garoon version 3.7 Service Pack 2 and earlier