Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-0821

Опубликовано: 27 фев. 2014
Источник: nvd
CVSS2: 6.5
EPSS Низкий

Описание

SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:2.5.4:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:3.5:sp5:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:3.7:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:3.7:sp1:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:3.7:sp2:*:*:*:*:*:*
cpe:2.3:a:cybozu:garoon:3.7:sp3:*:*:*:*:*:*

EPSS

Процентиль: 59%
0.0039
Низкий

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

github логотип

GHSA-x7vq-rqx8-2699

github
больше 3 лет назад

SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931.

EPSS

Процентиль: 59%
0.0039
Низкий

6.5 Medium

CVSS2

Дефекты

CWE-89