CVE-2015-5649
Severity Score
7.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges.
Cybozu Garoon 3.x hasta la versión 3.7.5 y 4.x hasta la versión 4.0.3, no maneja correctamente peticiones de autenticación, lo que permite a usuarios remotos autenticados llevar a cabo ataques de inyección LDAP y, consecuentemente, eludir las restricciones destinadas al inicio de sesión u obtener información sensible mediante el aprovechamiento de ciertos privilegios del grupo administración.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-07-24 CVE Reserved
- 2015-10-08 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://jvn.jp/en/jp/JVN38369032/index.html | 2015-10-09 | |
| http://jvndb.jvn.jp/jvndb/JVNDB-2015-000152 | 2015-10-09 | |
| https://support.cybozu.com/ja-jp/article/9176 | 2015-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cybozu Search vendor "Cybozu" | Garoon Search vendor "Cybozu" for product "Garoon" | 3.0.0 Search vendor "Cybozu" for product "Garoon" and version "3.0.0" | - |
Affected
| ||||||
| Cybozu Search vendor "Cybozu" | Garoon Search vendor "Cybozu" for product "Garoon" | 3.0.1 Search vendor "Cybozu" for product "Garoon" and version "3.0.1" | - |
Affected
| ||||||
| Cybozu Search vendor "Cybozu" | Garoon Search vendor "Cybozu" for product "Garoon" | 3.0.2 Search vendor "Cybozu" for product "Garoon" and version "3.0.2" | - |
Affected
| ||||||
| Cybozu Search vendor "Cybozu" | Garoon Search vendor "Cybozu" for product "Garoon" | 3.0.3 Search vendor "Cybozu" for product "Garoon" and version "3.0.3" | - |
Affected
| ||||||
| Cybozu Search vendor "Cybozu" | Garoon Search vendor "Cybozu" for product "Garoon" | 3.1.0 Search vendor "Cybozu" for product "Garoon" and version "3.1.0" | - |
Affected
| ||||||
| Cybozu Search vendor "Cybozu" | Garoon Search vendor "Cybozu" for product "Garoon" | 3.1.1 Search vendor "Cybozu" for product "Garoon" and version "3.1.1" | - |
Affected
| ||||||
| Cybozu Search vendor "Cybozu" | Garoon Search vendor "Cybozu" for product "Garoon" | 3.1.2 Search vendor "Cybozu" for product "Garoon" and version "3.1.2" | - |
Affected
| ||||||
| Cybozu Search vendor "Cybozu" | Garoon Search vendor "Cybozu" for product "Garoon" | 3.1.3 Search vendor "Cybozu" for product "Garoon" and version "3.1.3" | - |
Affected
| ||||||
| Cybozu Search vendor "Cybozu" | Garoon Search vendor "Cybozu" for product "Garoon" | 3.5.0 Search vendor "Cybozu" for product "Garoon" and version "3.5.0" | - |
Affected
| ||||||
| Cybozu Search vendor "Cybozu" | Garoon Search vendor "Cybozu" for product "Garoon" | 3.5.1 Search vendor "Cybozu" for product "Garoon" and version "3.5.1" | - |
Affected
| ||||||
| Cybozu Search vendor "Cybozu" | Garoon Search vendor "Cybozu" for product "Garoon" | 3.5.2 Search vendor "Cybozu" for product "Garoon" and version "3.5.2" | - |
Affected
| ||||||
| Cybozu Search vendor "Cybozu" | Garoon Search vendor "Cybozu" for product "Garoon" | 3.5.3 Search vendor "Cybozu" for product "Garoon" and version "3.5.3" | - |
Affected
| ||||||
| Cybozu Search vendor "Cybozu" | Garoon Search vendor "Cybozu" for product "Garoon" | 3.5.4 Search vendor "Cybozu" for product "Garoon" and version "3.5.4" | - |
Affected
| ||||||
| Cybozu Search vendor "Cybozu" | Garoon Search vendor "Cybozu" for product "Garoon" | 3.5.5 Search vendor "Cybozu" for product "Garoon" and version "3.5.5" | - |
Affected
| ||||||
| Cybozu Search vendor "Cybozu" | Garoon Search vendor "Cybozu" for product "Garoon" | 3.7 Search vendor "Cybozu" for product "Garoon" and version "3.7" | sp1 |
Affected
| ||||||
| Cybozu Search vendor "Cybozu" | Garoon Search vendor "Cybozu" for product "Garoon" | 3.7 Search vendor "Cybozu" for product "Garoon" and version "3.7" | sp2 |
Affected
| ||||||
| Cybozu Search vendor "Cybozu" | Garoon Search vendor "Cybozu" for product "Garoon" | 3.7 Search vendor "Cybozu" for product "Garoon" and version "3.7" | sp3 |
Affected
| ||||||
| Cybozu Search vendor "Cybozu" | Garoon Search vendor "Cybozu" for product "Garoon" | 3.7.0 Search vendor "Cybozu" for product "Garoon" and version "3.7.0" | - |
Affected
| ||||||
| Cybozu Search vendor "Cybozu" | Garoon Search vendor "Cybozu" for product "Garoon" | 3.7.1 Search vendor "Cybozu" for product "Garoon" and version "3.7.1" | - |
Affected
| ||||||
| Cybozu Search vendor "Cybozu" | Garoon Search vendor "Cybozu" for product "Garoon" | 3.7.2 Search vendor "Cybozu" for product "Garoon" and version "3.7.2" | - |
Affected
| ||||||
| Cybozu Search vendor "Cybozu" | Garoon Search vendor "Cybozu" for product "Garoon" | 3.7.3 Search vendor "Cybozu" for product "Garoon" and version "3.7.3" | - |
Affected
| ||||||
| Cybozu Search vendor "Cybozu" | Garoon Search vendor "Cybozu" for product "Garoon" | 4.0.0 Search vendor "Cybozu" for product "Garoon" and version "4.0.0" | - |
Affected
| ||||||
| Cybozu Search vendor "Cybozu" | Garoon Search vendor "Cybozu" for product "Garoon" | 4.0.3 Search vendor "Cybozu" for product "Garoon" and version "4.0.3" | - |
Affected
| ||||||