CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS
Percentile
69.7%
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the process of downloading files, which may result in SQL injection.
A user who can log in to the system may obtain or alter information on the system.
For Cybozu Garoon 3.7:**
Apply the Patch**
Apply the appropriate patch according to the information provided by the developer.
For Cybozu Garoon 3.5 and earlier and Cybozu Garoon 2.5.4 and earlier:
Update the Software and apply the patch
Update to the latest version, and then apply the appropriate patch according to the information provided by the developer.