Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cybozu Garoon 授权问题漏洞
Vulnerability Description
Cybozu Garoon是日本才望子(Cybozu)公司的一套门户型OA办公系统。该系统提供门户、E-mail、书签、日程安排、公告栏、文件管理等功能,并支持在三种语言(中、日、英)中自由切换。 Cybozu Garoon 3.x版本至3.7.5版本和4.x版本至4.0.3版本中存在安全漏洞,该漏洞源于程序没有正确处理身份验证请求。远程攻击者可借助group-administration权限利用该漏洞实施LDAP注入攻击,绕过既定的登录限制,或获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A