Vulnerability Details CVE-2014-0821
SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.1%
CVSS Severity
CVSS v2 Score 6.5
References
- http://cs.cybozu.co.jp/information/gr20140225up04.php
- http://jvn.jp/en/jp/JVN71045461/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000024
- http://www.securityfocus.com/bid/65809
- https://support.cybozu.com/ja-jp/article/7993
- http://cs.cybozu.co.jp/information/gr20140225up04.php
- http://jvn.jp/en/jp/JVN71045461/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000024
- http://www.securityfocus.com/bid/65809
- https://support.cybozu.com/ja-jp/article/7993
Products affected by CVE-2014-0821
-
cpe:2.3:a:cybozu:garoon:2.0
-
cpe:2.3:a:cybozu:garoon:2.0.0
-
cpe:2.3:a:cybozu:garoon:2.0.1
-
cpe:2.3:a:cybozu:garoon:2.0.2
-
cpe:2.3:a:cybozu:garoon:2.0.3
-
cpe:2.3:a:cybozu:garoon:2.0.4
-
cpe:2.3:a:cybozu:garoon:2.0.5
-
cpe:2.3:a:cybozu:garoon:2.0.6
-
cpe:2.3:a:cybozu:garoon:2.1
-
cpe:2.3:a:cybozu:garoon:2.1.0
-
cpe:2.3:a:cybozu:garoon:2.1.1
-
cpe:2.3:a:cybozu:garoon:2.1.2
-
cpe:2.3:a:cybozu:garoon:2.1.3
-
cpe:2.3:a:cybozu:garoon:2.5
-
cpe:2.3:a:cybozu:garoon:2.5.0
-
cpe:2.3:a:cybozu:garoon:2.5.1
-
cpe:2.3:a:cybozu:garoon:2.5.2
-
cpe:2.3:a:cybozu:garoon:2.5.3
-
cpe:2.3:a:cybozu:garoon:2.5.4
-
cpe:2.3:a:cybozu:garoon:3.0
-
cpe:2.3:a:cybozu:garoon:3.1
-
cpe:2.3:a:cybozu:garoon:3.5
-
cpe:2.3:a:cybozu:garoon:3.5.3
-
cpe:2.3:a:cybozu:garoon:3.7