JVN#83568336: Cybozu Garoon vulnerable to SQL injection

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an SQL injection vulnerability in the “Messages” function.

Impact

An authenticated attacker may obtain or alter information stored in the database.

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Products Affected

• Cybozu Garoon 3.0.0 to 4.2.1