Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0821

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2014-0821
Last Modified 13 Aug 2015 01:54:01
Published 26 Feb 2014 08:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-0821

Summary

SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931.

Vulnerable Systems

Application

  • Cybozu Garoon 2.0

  • Cybozu Garoon 2.0.0

  • Cybozu Garoon 2.0.1

  • Cybozu Garoon 2.0.2

  • Cybozu Garoon 2.0.3

  • Cybozu Garoon 2.0.4

  • Cybozu Garoon 2.0.5

  • Cybozu Garoon 2.0.6

  • Cybozu Garoon 2.1

  • Cybozu Garoon 2.1.0

  • Cybozu Garoon 2.1.1

  • Cybozu Garoon 2.1.2

  • Cybozu Garoon 2.1.3

  • Cybozu Garoon 2.5

  • Cybozu Garoon 2.5.0

  • Cybozu Garoon 2.5.1

  • Cybozu Garoon 2.5.2

  • Cybozu Garoon 2.5.3

  • Cybozu Garoon 2.5.4

  • Cybozu Garoon 3.0

  • Cybozu Garoon 3.1

  • Cybozu Garoon 3.5

  • Cybozu Garoon 3.5.3

  • Cybozu Garoon 3.7


References

CONFIRM - https://support.cybozu.com/ja-jp/article/7993

JVNDB - JVNDB-2014-000024

JVN - JVN#71045461

CONFIRM - http://cs.cybozu.co.jp/information/gr20140225up04.php

BID - 65809


Last Updated: 27 May 2016 10:55:16