cvebase

Cybozu Garoon vulnerabilities

198 known vulnerabilities affecting cybozu/garoon.

Total CVEs: 198
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 24, MEDIUM 158, LOW 12

Vulnerabilities

Page 3 of 10
CVE-2020-5583 | P4 | MEDIUM | CVSS 6.5 | ≥ 4.0.0, ≤ 5.0.1 | 2020-06-30
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report's data via unspecified vectors.
nvd
CVE-2024-31400 | P4 | MEDIUM | CVSS 6.5 | CWE-922 | ≥ 5.5.0, < 6.0.0 | 2024-06-11
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.
nvd
CVE-2013-0701 | P4 | MEDIUM | CVSS 6.0 | CWE-89 | v2.5.0, v3.5.3 | 2013-02-14
SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege.
nvd
CVE-2016-1191 | P4 | MEDIUM | CVSS 5.3 | CWE-22 | v3.0.0, v3.0.1, +23 more | 2016-06-19
Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors.
nvd
CVE-2019-5936 | P4 | MEDIUM | CVSS 5.4 | CWE-22 | ≥ 4.0.0, ≤ 4.10.1 | 2019-05-17
Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'.
nvd
CVE-2022-26368 | P4 | MEDIUM | CVSS 5.4 | ≥ 4.0.0, ≤ 5.5.1 | 2022-07-04
Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.
nvd
CVE-2016-1194 | P4 | MEDIUM | CVSS 6.5 | CWE-399 | v4.2.0 | 2017-04-21
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service.
nvd
CVE-2016-1188 | P4 | MEDIUM | CVSS 6.5 | v3.1.0, v3.1.1, +19 more | 2016-06-25
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.
nvd
CVE-2020-5587 | P4 | MEDIUM | CVSS 6.5 | ≥ 4.0.0, ≤ 5.0.1 | 2020-06-30
Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors.
nvd
CVE-2015-5649 | P4 | HIGH | CVSS 7.0 | CWE-287 | v3.0.0, v3.0.1, +19 more | 2015-10-08
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges.
nvd
CVE-2022-29892 | P4 | MEDIUM | CVSS 6.5 | CWE-20 | ≥ 4.0.0, ≤ 5.5.1 | 2022-07-04
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).
nvd
CVE-2016-1213 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | ≤ 4.2.1 | 2017-04-20
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.
nvd
CVE-2017-2145 | P4 | MEDIUM | CVSS 5.4 | CWE-384 | v4.0.0, v4.0.1, +7 more | 2017-07-07
Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.
nvd
CVE-2016-1195 | P4 | HIGH | CVSS 7.4 | v3.0.0, v3.0.1, +23 more | 2016-06-19
Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
nvd
CVE-2024-31403 | P4 | MEDIUM | CVSS 5.4 | CWE-863 | ≥ 5.5.0, < 6.0.1 | 2024-06-11
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo.
nvd
CVE-2020-5562 | P4 | MEDIUM | CVSS 4.9 | CWE-918 | ≥ 4.6.0, ≤ 4.6.3 | 2020-04-28
Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function.
nvd
CVE-2014-1989 | P4 | MEDIUM | CVSS 6.0 | CWE-264 | v3.0.0, v3.0.1, +16 more | 2014-05-02
Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls.
nvd
CVE-2021-20764 | P4 | MEDIUM | CVSS 5.3 | CWE-20 | ≥ 4.0.0, ≤ 5.0.2 | 2021-08-18
Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files.
nvd
CVE-2022-28713 | P4 | MEDIUM | CVSS 5.3 | CWE-287 | ≥ 4.10.0, ≤ 5.5.1 | 2022-07-04
Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.
nvd
CVE-2018-0533 | P4 | MEDIUM | CVSS 4.9 | ≥ 3.0.0, ≤ 4.2.6 | 2018-04-16
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors.
nvd