PT-2019-17875 · Cybozu · Cybozu Garoon

Toshitsugu Yoneyama

Publicado

2019-05-17

Atualizado

2019-05-20

CVE-2019-5934

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cybozu Garoon versions 4.0.0 through 4.10.0

Description The issue allows an attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of the 'logging' application.

Recommendations For Cybozu Garoon versions 4.0.0 through 4.10.0, consider restricting access to the Log Search function in the 'logging' application until a fix is available. As a temporary workaround, limit the privileges of users who can access the Log Search function to minimize the risk of exploitation.

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2019-5934

Produtos afetados

Cybozu Garoon

PT-2019-17875 · Cybozu · Cybozu Garoon

CVE-2019-5934

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4