cvebase

Cybozu Garoon vulnerabilities

198 known vulnerabilities affecting cybozu/garoon.

Total CVEs: 198
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 24, MEDIUM 158, LOW 12

Vulnerabilities

Page 1 of 10
CVE-2014-1987 | P3 | CRITICAL | CVSS 10.0 | v3.1.0, v3.1.1 +9 more | 2014-07-20
CWE-78: The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors.
nvd
CVE-2016-1219 | P3 | CRITICAL | CVSS 9.8 | ≤ 4.2.1 | 2017-04-20
CWE-287: Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.
nvd
CVE-2006-4444 | P3 | MEDIUM | CVSS 6.5 | PoC | v2.1.0_for_windows | 2006-08-29
Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete functionality; the (2) pid parameter in the (d) workflow/view or (e) workflow/print function
nvd
CVE-2019-5945 | P3 | CRITICAL | CVSS 9.8 | ≥ 4.2.4, ≤ 4.10.1 | 2019-05-17
Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon.
nvd
CVE-2016-7803 | P3 | HIGH | CVSS 8.8 | v3.0.0, v3.0.1 +25 more | 2017-06-09
CWE-89: SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.
nvd
CVE-2018-0530 | P3 | HIGH | CVSS 8.8 | ≥ 3.5.0, ≤ 4.2.6 | 2018-04-16
CWE-89: SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
nvd
CVE-2018-0607 | P3 | HIGH | CVSS 8.8 | ≥ 3.5.0, ≤ 4.6.2 | 2018-07-26
CWE-89: SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
nvd
CVE-2016-1218 | P3 | HIGH | CVSS 8.8 | ≤ 4.2.1 | 2017-04-20
CWE-89: SQL injection vulnerability in Cybozu Garoon before 4.2.2.
nvd
CVE-2015-5647 | P3 | HIGH | CVSS 8.5 | v3.0.0, v3.0.1 +22 more | 2015-10-12
CWE-94: The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866.
nvd
CVE-2019-5991 | P3 | HIGH | CVSS 7.6 | ≥ 4.0.0, ≤ 4.10.3 | 2019-09-12
CWE-89: SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
nvd
CVE-2015-5646 | P3 | HIGH | CVSS 8.5 | v3.0.0, v3.0.1 +22 more | 2015-10-12
CWE-94: Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867.
nvd
CVE-2020-5580 | P3 | HIGH | CVSS 8.1 | ≥ 4.0.0, ≤ 5.0.1 | 2020-06-30
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors.
nvd
CVE-2022-29484 | P3 | HIGH | CVSS 8.1 | ≥ 4.0.0, ≤ 5.9.0 | 2022-07-04
Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.
nvd
CVE-2018-16178 | P3 | HIGH | CVSS 7.5 | ≥ 3.0.0, ≤ 4.10.0 | 2019-01-09
Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function.
nvd
CVE-2022-30602 | P3 | HIGH | CVSS 8.1 | ≥ 4.0.0, ≤ 5.9.1 | 2022-07-11
Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.
nvd
CVE-2020-5567 | P3 | HIGH | CVSS 7.5 | ≥ 4.0.0, ≤ 4.10.3 | 2020-04-28
CWE-287: Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu.
nvd
CVE-2016-1189 | P3 | HIGH | CVSS 8.1 | v3.1.0, v3.1.1 +19 more | 2016-06-25
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.
nvd
CVE-2018-0673 | P3 | HIGH | CVSS 8.1 | ≥ 3.5.0, ≤ 4.6.3 | 2018-11-15
CWE-22: Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors.
nvd
CVE-2019-5934 | P3 | HIGH | CVSS 7.2 | ≥ 4.0.0, ≤ 4.10.0 | 2019-05-17
CWE-89: SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'.
nvd
CVE-2026-22888 | P3 | HIGH | CVSS 7.5 | ≥ 5.0.0, < 6.0.3 | 2026-02-02
CWE-231: Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product.
nvd