Cybozu Garoon vulnerabilities
198 known vulnerabilities affecting cybozu/garoon.
Total CVEs
198
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH24MEDIUM158LOW12
Vulnerabilities
Page 5 of 10
CVE-2021-20766P4MEDIUMCVSS 6.1≥ 4.0.0, ≤ 5.0.22021-08-18
CVE-2021-20766 [MEDIUM] CWE-79 CVE-2021-20766: Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attack
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
nvd
CVE-2021-20767P4MEDIUMCVSS 5.4≥ 4.0.0, ≤ 5.0.22021-08-18
CVE-2021-20767 [MEDIUM] CWE-79 CVE-2021-20767: Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remo
Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
nvd
CVE-2024-39457P4MEDIUMCVSS 5.4≥ 6.0.0, < 6.0.22024-07-19
CVE-2024-39457 [MEDIUM] CWE-79 CVE-2024-39457: Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this v
Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser.
nvd
CVE-2020-5588P4MEDIUMCVSS 4.9v5.0.0v5.0.12020-06-30
CVE-2020-5588 [MEDIUM] CWE-22 CVE-2020-5588: Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator righ
Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors.
nvd
CVE-2008-6569P4MEDIUMCVSS 6.8v2.0.0v2.0.1+9 more2009-03-31
CVE-2008-6569 [MEDIUM] CWE-287 CVE-2008-6569: Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijac
Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page.
nvd
CVE-2018-0548P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 4.6.02018-04-16
CVE-2018-0548 [MEDIUM] CVE-2018-0548: Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to v
Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of "Space" via unspecified vectors.
nvd
CVE-2019-5943P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 4.10.12019-05-17
CVE-2019-5943 [MEDIUM] CVE-2019-5943: Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application 'Bulletin' and the application 'Cabinet'.
nvd
CVE-2017-2095P4MEDIUMCVSS 4.3v3.0.0v3.0.1+26 more2017-04-28
CVE-2017-2095 [MEDIUM] CVE-2017-2095: Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in t
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.
nvd
CVE-2017-2091P4MEDIUMCVSS 4.3v3.0.0v3.0.1+26 more2017-04-28
CVE-2017-2091 [MEDIUM] CVE-2017-2091: Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in P
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.
nvd
CVE-2016-4908P4MEDIUMCVSS 4.3v3.0.0v3.0.1+25 more2017-06-09
CVE-2016-4908 [MEDIUM] CWE-284 CVE-2016-4908: Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to a
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.
nvd
CVE-2019-5935P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 4.10.12019-05-17
CVE-2019-5935 [MEDIUM] CVE-2019-5935: Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information.
nvd
CVE-2019-5944P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 4.10.12019-05-17
CVE-2019-5944 [MEDIUM] CVE-2019-5944: Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alt
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application 'Address' without modify privileges via the application 'Address'.
nvd
CVE-2016-4910P4MEDIUMCVSS 4.3v3.0.0v3.0.1+25 more2017-06-09
CVE-2016-4910 [MEDIUM] CWE-284 CVE-2016-4910: Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to d
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.
nvd
CVE-2017-2094P4MEDIUMCVSS 4.3v3.0.0v3.0.1+26 more2017-04-28
CVE-2017-2094 [MEDIUM] CWE-269 CVE-2017-2094: Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in W
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.
nvd
CVE-2018-0550P4MEDIUMCVSS 4.3≥ 3.5.0, ≤ 4.6.12018-04-16
CVE-2018-0550 [MEDIUM] CVE-2018-0550: Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to v
Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of "Cabinet" via unspecified vectors.
nvd
CVE-2018-0531P4MEDIUMCVSS 4.3≥ 3.0.0, ≤ 4.2.62018-04-16
CVE-2018-0531 [MEDIUM] CVE-2018-0531: Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to v
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors.
nvd
CVE-2021-20768P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 5.0.22021-08-18
CVE-2021-20768 [MEDIUM] CVE-2021-20768: Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to
Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege.
nvd
CVE-2021-20757P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 5.0.22021-08-18
CVE-2021-20757 [MEDIUM] CVE-2021-20757: Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a rem
Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
nvd
CVE-2021-20759P4MEDIUMCVSS 4.3≥ 4.6.0, ≤ 5.0.22021-08-18
CVE-2021-20759 [MEDIUM] CVE-2021-20759: Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a r
Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
nvd
CVE-2022-27661P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 5.5.12022-07-04
CVE-2022-27661 [MEDIUM] CVE-2022-27661: Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remo
Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.
nvd