CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:C/I:P/A:N
EPSS
Percentile
46.9%
Cybozu Garoon is a groupware. Cybozu Garoon contains an issue in processing authentication requests, which may result in an LDAP injection vulnerability.
A malicious user authorized to administer uesrs in certain groups may obtain information from the authentication server or may perform an unauthorized login to the product.
Apply the Patch
Apply the appropriate patch according to the information provided by the developer.
[Added on June 2, 2016]
Update the Software
Cybozu Garoon 4.2.0 has been released, which addressed this vulnerability.
Update to the latest version according to the information provided by the developer.