CVE-2015-5649

Cybozu Garoon <4.0.3 - Auth Bypass

Title source: llm

Description

Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges.

References (3)

[Vendor Advisory] http://jvn.jp/en/jp/JVN38369032/index.html

[Vendor Advisory] http://jvndb.jvn.jp/jvndb/JVNDB-2015-000152

[Vendor Advisory] https://support.cybozu.com/ja-jp/article/9176

Scores

EPSS 0.0016

EPSS Percentile 36.8%

Classification

CWE

CWE-287

Status draft

Affected Products (23)

cybozu/garoon

... and 8 more

Timeline

Published Oct 08, 2015

Tracked Since Feb 18, 2026