Japan Vulnerability NotesJVN:71045461JVN#71045461: Cybozu Garoon vulnerable to SQL injection
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
66.2%
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the process of downloading files, which may result in SQL injection.
Impact
A user who can log in to the system may obtain or alter information on the system.
Solution
For Cybozu Garoon 3.7:**
Apply the Patch**
Apply the appropriate patch according to the information provided by the developer.
For Cybozu Garoon 3.5 and earlier and Cybozu Garoon 2.5.4 and earlier:
Update the Software and apply the patch
Update to the latest version, and then apply the appropriate patch according to the information provided by the developer.
Products Affected
- Cybozu Garoon 2.5.4 and earlier
- Cybozu Garoon 3.7 Service Pack 3 and earlier
Related
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
66.2%