Lucene search

JpcertCVE-2013-6001

HistoryDec 05, 2013 - 12:55 p.m.

CVE-2013-6001

2013-12-0512:55:30

CWE-89

jpcert

web.nvd.nist.gov

cve-2013-6001

sql injection

cybozu garoon

nvd

security vulnerability

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

8.1

Confidence

Low

EPSS

0.002

Percentile

58.6%

JSON

SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Affected configurations

Nvd

Node

cybozugaroonRange≤3.7

cybozugaroonMatch2.0sp1

cybozugaroonMatch2.0sp2

cybozugaroonMatch2.0sp3

cybozugaroonMatch2.0sp4

cybozugaroonMatch2.0sp5

cybozugaroonMatch2.0sp6

cybozugaroonMatch2.1

cybozugaroonMatch2.1sp1

cybozugaroonMatch2.1sp2

cybozugaroonMatch2.1sp3

cybozugaroonMatch2.5

cybozugaroonMatch2.5sp1

cybozugaroonMatch2.5sp2

cybozugaroonMatch2.5sp3

cybozugaroonMatch2.5sp4

cybozugaroonMatch3.0

cybozugaroonMatch3.0sp1

cybozugaroonMatch3.0sp2

cybozugaroonMatch3.0sp3

cybozugaroonMatch3.1

cybozugaroonMatch3.1sp1

cybozugaroonMatch3.1sp2

cybozugaroonMatch3.1sp3

cybozugaroonMatch3.5

cybozugaroonMatch3.5sp1

cybozugaroonMatch3.5sp2

cybozugaroonMatch3.5sp3

cybozugaroonMatch3.5sp4

cybozugaroonMatch3.5sp5

VendorProductVersionCPE
cybozugaroon*cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*
cybozugaroon2.0cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*
cybozugaroon2.0cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*
cybozugaroon2.0cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*
cybozugaroon2.0cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*
cybozugaroon2.0cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*
cybozugaroon2.0cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*
cybozugaroon2.1cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*
cybozugaroon2.1cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*
cybozugaroon2.1cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
cybozu	garoon	*	cpe:2.3:a:cybozu:garoon::::::::
cybozu	garoon	2.0	cpe:2.3:a:cybozu:garoon:2.0:sp1::::::
cybozu	garoon	2.0	cpe:2.3:a:cybozu:garoon:2.0:sp2::::::
cybozu	garoon	2.0	cpe:2.3:a:cybozu:garoon:2.0:sp3::::::
cybozu	garoon	2.0	cpe:2.3:a:cybozu:garoon:2.0:sp4::::::
cybozu	garoon	2.0	cpe:2.3:a:cybozu:garoon:2.0:sp5::::::
cybozu	garoon	2.0	cpe:2.3:a:cybozu:garoon:2.0:sp6::::::
cybozu	garoon	2.1	cpe:2.3:a:cybozu:garoon:2.1:::::::*
cybozu	garoon	2.1	cpe:2.3:a:cybozu:garoon:2.1:sp1::::::
cybozu	garoon	2.1	cpe:2.3:a:cybozu:garoon:2.1:sp2::::::

Rows per page:

1-10 of 301

References

cs.cybozu.co.jp/information/20131202up01.php

jvn.jp/en/jp/JVN82375148/index.html

jvndb.jvn.jp/jvndb/JVNDB-2013-000114

products.cybozu.co.jp/garoon/download/update/gr3/fix371sp1.html

support.cybozu.com/ja-jp/article/6955

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

8.1

Confidence

Low

EPSS

0.002

Percentile

58.6%

JSON

Related for CVE-2013-6001