Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable. No vendor patch available.
Authentication Bypass
Garoon
NVD
CVSS 2.0
7.0
EPSS
0.2%