JVN#71877187: Cybozu Garoon vulnerable to SQL injection

2019-08-26T00:00:00
ID JVN:71877187
Type jvn
Reporter Japan Vulnerability Notes
Modified 2019-08-26T00:00:00

Description

## Description

Cybozu Garoon provided by Cybozu, Inc. contains an SQL injection vulnerability (CWE-89) in the processing of Todo portlet.

## Impact

A user who can login to the product may obtain or alter information stored in the database.

## Solution

Apply the Patch
Apply the patch according to the information provided by the developer.

## Products Affected

  • Cybozu Garoon 4.0.0 to 4.10.3