CVE-2015-5649
Cybozu Garoon 3.x-3.7.5 and 4.x-4.0.3 - Authenticated LDAP Injection
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges.
References (3)
Vendor Advisory, third-party-advisory (x_refsource_jvn): http://jvn.jp/en/jp/JVN38369032/index.html
Vendor Advisory, third-party-advisory (x_refsource_jvndb): http://jvndb.jvn.jp/jvndb/JVNDB-2015-000152
Vendor Advisory (x_refsource_confirm): https://support.cybozu.com/ja-jp/article/9176
Scores
EPSS: 0.0016
EPSS Percentile: 36.6%
Details
CWE: CWE-287
Status: published
Products (21)
cybozu/garoon 3.0.0
cybozu/garoon 3.0.1
cybozu/garoon 3.0.2
cybozu/garoon 3.0.3
cybozu/garoon 3.1.0
cybozu/garoon 3.1.1
cybozu/garoon 3.1.2
cybozu/garoon 3.1.3
cybozu/garoon 3.5.0
cybozu/garoon 3.5.1
... and 11 more
Published: Oct 08, 2015
Tracked Since: Feb 18, 2026