LDAP Injection Vulnerability in Cybozu Garoon

CVE-2015-5649 · HIGH Severity

AV:N/AC:M/AU:S/C:C/I:P/A:N

Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges.

Learn more about our User Device Pen Test.