Cybozu Garoon vulnerabilities
198 known vulnerabilities affecting cybozu/garoon.
Total CVEs: 198
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 24, MEDIUM 158, LOW 12
Vulnerabilities
Page 2 of 10
CVE-2024-31401 | P3 | CRITICAL | CVSS 9.0 | CWE-79 | Versions: ≥ 5.5.0, < 6.0.0 | 2024-06-11
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.
nvd
CVE-2019-5931 | P3 | HIGH | CVSS 8.7 | CWE-20 | Versions: ≥ 4.0.0, ≤ 4.6.3 | 2019-05-17
Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors.
nvd
CVE-2014-1996 | P3 | HIGH | CVSS 7.5 | CWE-264 | Versions: v3.7, v3.7.0 | 2014-07-20
Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call.
nvd
CVE-2020-5584 | P3 | HIGH | CVSS 7.5 | Versions: ≥ 4.0.0, ≤ 5.0.1 | 2020-06-30
Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors.
nvd
CVE-2016-7802 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | Versions: v3.0.0, v3.0.1 +25 more | 2017-06-09
Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
nvd
CVE-2020-5643 | P3 | MEDIUM | CVSS 6.5 | CWE-20 | Versions: ≥ 5.0.0, ≤ 5.0.2 | 2020-11-06
Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector.
nvd
CVE-2013-6929 | P3 | MEDIUM | CVSS 6.5 | CWE-89 | Versions: ≤ 3.7, v3.7 | 2013-12-28
SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input.
nvd
CVE-2016-1193 | P3 | HIGH | CVSS 7.5 | CWE-200 | Versions: v3.7.0, v3.7.1 +9 more | 2016-06-25
Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.
nvd
CVE-2016-4907 | P3 | HIGH | CVSS 8.8 | CWE-352 | Versions: v3.0.0, v3.0.1 +25 more | 2017-06-09
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.
nvd
CVE-2013-6006 | P3 | MEDIUM | CVSS 5.8 | CWE-287 | Versions: v3.5, v3.5.3 +1 more | 2013-12-28
Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request.
nvd
CVE-2020-5581 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | Versions: ≥ 4.0.0, ≤ 5.0.1 | 2020-06-30
Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors.
nvd
CVE-2013-6001 | P3 | MEDIUM | CVSS 6.5 | CWE-89 | Versions: ≤ 3.7, v2.0 +5 more | 2013-12-05
SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
nvd
CVE-2021-20758 | P4 | HIGH | CVSS 8.0 | CWE-352 | Versions: ≥ 4.0.0, ≤ 5.0.2 | 2021-08-18
Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.
nvd
CVE-2014-0821 | P4 | MEDIUM | CVSS 6.5 | Versions: v2.0, v2.0.0 +22 more | 2014-02-27
SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931.
nvd
CVE-2022-29512 | P4 | MEDIUM | CVSS 6.5 | CWE-200 | Versions: ≥ 4.0.0, ≤ 5.9.1 | 2022-07-11
Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.
nvd
CVE-2020-5563 | P4 | MEDIUM | CVSS 5.3 | CWE-287 | Versions: ≥ 4.0.0, ≤ 4.10.3 | 2020-04-28
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API.
nvd
CVE-2016-1190 | P4 | MEDIUM | CVSS 6.5 | CWE-284 | Versions: v3.1.0, v3.1.1 +19 more | 2016-06-25
Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.
nvd
CVE-2013-6930 | P4 | MEDIUM | CVSS 6.5 | CWE-89 | Versions: v2.0, v2.0.0 +33 more | 2014-01-29
SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929.
nvd
CVE-2013-6931 | P4 | MEDIUM | CVSS 6.5 | Versions: v3.7.0, v3.7.1 +1 more | 2014-01-29
SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929.
nvd
CVE-2013-6004 | P4 | MEDIUM | CVSS 6.8 | CWE-264 | Versions: ≤ 3.7, v2.0 +6 more | 2013-12-05
Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors.
nvd