7
CVE-2015-5649
- EPSS 1.24%
- Veröffentlicht 08.10.2015 20:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginCybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.24% | 0.653 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7 | 6.8 | 7.8 |
AV:N/AC:M/Au:S/C:C/I:P/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://jvn.jp/en/jp/JVN38369032/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000152
https://support.cybozu.com/ja-jp/article/9176