CVE-2015-5649 Information

Description

Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests which allows remote authenticated users to conduct LDAP injection attacks and consequently bypass intended login restrictions or obtain sensitive information by leveraging certain group-administration privileges.

Reference

http://jvn.jp/en/jp/JVN38369032/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000152 https://support.cybozu.com/ja-jp/article/9176