PT-2015-7012 · Cybozu · Cybozu Garoon

Published

2015-10-08

·

Updated

2015-10-09

·

CVE-2015-5649

CVSS v2.0

7.0

High

Vector

AV:N/AC:M/Au:S/C:C/I:P/A:N
Name of the Vulnerable Software and Affected Versions

Cybozu Garoon versions 3.x through 3.7.5
Cybozu Garoon versions 4.x through 4.0.3

Description

The affected versions mishandle authentication requests, allowing a remote authenticated user to conduct LDAP injection attacks. By leveraging certain group-administration privileges, such a user can bypass intended login restrictions or obtain sensitive information.

Recommendations

For versions 3.x through 3.7.5, update to a version later than 3.7.5. For versions 4.x through 4.0.3, update to a version later than 4.0.3. As a temporary workaround, restrict group-administration privileges to trusted users to reduce the exposure until the update is applied.

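The following is an added illustration of the injection class described above; it is not Cybozu's code and the advisory does not disclose Garoon's actual filter or parameter names. It assumes a hypothetical login filter that requires the user to be a member of an allowed group, shows how an unescaped login name rewrites that filter so the group restriction is bypassed, and shows the RFC 4515 value escaping that keeps user input confined to a value. The attacker value and the directory DNs are constructed for the example.

```python
# Added example (not Cybozu's code). The filter template, DNs and the
# attacker-supplied login name below are hypothetical/constructed.

# RFC 4515 section 3: characters that have meaning inside a filter value.
_ESCAPE = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP search filter.

    Escaping character by character avoids double-escaping the backslash.
    """
    return "".join(_ESCAPE.get(ch, ch) for ch in value)


# Hypothetical login filter: the account must exist AND belong to the group
# that is permitted to log in. The group clause is the "login restriction".
TEMPLATE = "(&(uid={uid})(memberOf=cn=garoon-users,ou=groups,dc=example,dc=com))"


def build_filter_unsafe(uid: str) -> str:
    """Vulnerable pattern: the raw login name is interpolated into the filter."""
    return TEMPLATE.format(uid=uid)


def build_filter_safe(uid: str) -> str:
    """Hardened pattern: the login name is escaped, so it can only be a value."""
    return TEMPLATE.format(uid=escape_filter_value(uid))


def count_components(filt: str) -> int:
    """Number of filter components, i.e. unescaped '(' characters.

    An escaped parenthesis appears as the three characters '\\28', never as
    a literal '(', so a plain count is sufficient here.
    """
    return filt.count("(")


def filter_shape_changed(uid: str, builder) -> bool:
    """True when user input added or removed filter components.

    This is a cheap self-check a login handler can run before sending the
    filter to the directory: the produced filter must have exactly the same
    number of components as the template it was built from.
    """
    return count_components(builder(uid)) != count_components(TEMPLATE)


# Constructed attacker login name. Closing the uid clause early and opening
# an OR with an always-true assertion makes the group check irrelevant:
#   (&(uid=admin)(|(objectClass=*)(memberOf=cn=garoon-users,...)))
INJECTED_UID = "admin)(|(objectClass=*"


if __name__ == "__main__":
    for name, builder in (("unsafe", build_filter_unsafe), ("safe", build_filter_safe)):
        print(f"{name:6} {builder(INJECTED_UID)}")
        print(f"       shape changed: {filter_shape_changed(INJECTED_UID, builder)}")
```

The hardened builder turns the attacker's parentheses and wildcard into `\29`, `\28` and `\2a`, so the directory compares `uid` against a literal that matches nothing. The component-count check is only a backstop: it catches the filter-rewriting payload shown here but not every malformed value, so escaping (or a client library that builds filters from parameters) remains the actual fix.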
Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2015-5649

Affected Products

Cybozu Garoon