CVE-2014-0821

SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
cybozugaroon
2.0:sp1
cybozugaroon
2.0:sp2
cybozugaroon
2.0:sp3
cybozugaroon
2.0:sp4
cybozugaroon
2.0:sp5
cybozugaroon
2.0:sp6
cybozugaroon
2.0.0
cybozugaroon
2.0.1
cybozugaroon
2.0.2
cybozugaroon
2.0.3
cybozugaroon
2.0.4
cybozugaroon
2.0.5
cybozugaroon
2.0.6
cybozugaroon
2.1
cybozugaroon
2.1:sp1
cybozugaroon
2.1:sp2
cybozugaroon
2.1:sp3
cybozugaroon
2.1.0
cybozugaroon
2.1.1
cybozugaroon
2.1.2
cybozugaroon
2.1.3
cybozugaroon
2.5
cybozugaroon
2.5:sp1
cybozugaroon
2.5:sp2
cybozugaroon
2.5:sp3
cybozugaroon
2.5:sp4
cybozugaroon
2.5.0
cybozugaroon
2.5.1
cybozugaroon
2.5.2
cybozugaroon
2.5.3
cybozugaroon
2.5.4
cybozugaroon
3.0
cybozugaroon
3.0:sp1
cybozugaroon
3.0:sp2
cybozugaroon
3.0:sp3
cybozugaroon
3.1
cybozugaroon
3.1:sp1
cybozugaroon
3.1:sp2
cybozugaroon
3.1:sp3
cybozugaroon
3.5
cybozugaroon
3.5:sp1
cybozugaroon
3.5:sp2
cybozugaroon
3.5:sp3
cybozugaroon
3.5:sp4
cybozugaroon
3.5:sp5
cybozugaroon
3.5.3
cybozugaroon
3.7
cybozugaroon
3.7:sp1
cybozugaroon
3.7:sp2
cybozugaroon
3.7:sp3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://cs.cybozu.co.jp/information/gr20140225up04.php
http://jvn.jp/en/jp/JVN71045461/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000024
http://www.securityfocus.com/bid/65809
https://support.cybozu.com/ja-jp/article/7993
http://cs.cybozu.co.jp/information/gr20140225up04.php
http://jvn.jp/en/jp/JVN71045461/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000024
http://www.securityfocus.com/bid/65809
https://support.cybozu.com/ja-jp/article/7993